Add files via upload

Added 5.24.1 and 5.24.2

README.md

@@ -7,17 +7,27 @@ It is based on CIS_Docker_Benchmark_v1.3.1 standard and influenced from docker-b
 
 The tests are automated for each dobby containers.
 
-**Running Dobby Security Tool**
+Running Dobby Security Tool
 
 git clone https://github.com/DineshkumarJP/dobby-security-tool.git
 
 cd dobby-security
 
-./dobby-security.sh container_name
+./dobby-security.sh -c container_name 
 
-Ex: ./dobby-security.sh Netflix
+Ex: ./dobby-security.sh -c Netflix 
 
-After excuted the script, you will get the output as test results summary.
+If required additional prints for more information, follow below command
+  Ex: ./dobby-security.sh -c Netflix -v
+For help message, follow the below command
+  Ex: ./dobby-security.sh -h
+
+Options:
+  -b   optional        Do not print colors
+  -c   mandatory       Container name (Ensure the container is running)
+  -h   optional        Print this help message
+  -v   optional        prints the additional prints
+
 
 
-![image](https://user-images.githubusercontent.com/99791803/159849800-91830041-0e7e-444a-a3b6-d8032e43eed7.png)
+After excuted the script, you will get the output as test results summary.

dobby_security.sh

@@ -8,13 +8,16 @@ crunVersion=$(crun --version)
 
 usage () {
   cat <<EOF
+
 Checks for dozens of common best-practices around deploying Dobby containers in production.
 Based on the CIS Docker Benchmark 1.4.0.
 Usage: ./dobby_security.sh -c Netflix [OPTIONS] 
 Options:
-  -c           mandatory Container name (Ensure the container is running)
-  -h           optional  Print this help message
-  -V	       optional  prints the additional prints
+  -b    optional   Do not print colors
+  -c    mandatory  Container name (Ensure the container is running)
+  -h    optional   Print this help message
+  -v	optional   prints the additional prints
+
 EOF
 }
 
@@ -23,12 +26,12 @@ EOF
 # If you add an option here, please
 # remember to update usage() above.
 
-while getopts bhl:c:b:v:h:V args
+while getopts bhl:c:v args
 do
   case $args in
   c) containername="$OPTARG" ;;
   b) nocolor="nocolor";;
-  V) verbose="verbose";;
+  v) verbose="verbose";;
   h) usage; exit 0 ;;
   esac
 done
@@ -110,6 +113,8 @@ test_5_12_2
 test_5_15
 test_5_17
 test_5_24
+test_5_24_1
+test_5_24_2
 test_5_28
 test_5_29
 test_5_31

functions/output.sh

@@ -10,6 +10,14 @@ bldmgnclr='\033[1;35m' # Bold Magenta
 bldwhtclr='\033[1;37m' # Bold white
 txtrst='\033[0m'	   # No Color
 
+if [ -n "$nocolor" ] && [ "$nocolor" == "nocolor" ]; then
+  bldredclr=''
+  bldgrnclr=''
+  bldbluclr=''
+  bldylwclr=''
+  txtrst=''
+fi
+
 
 # Print the text
 printtxt () {

tests/5_dobby_container_runtime_test.sh

@@ -52,7 +52,8 @@ test_5_5() {
 	DobbyInit_PID=$(ps -fe | grep DobbyInit | grep $containername | awk '{print $2}')
 
         output_1=$(cat /proc/$DobbyInit_PID/mounts | grep  -E 'boot|dev|etc|lib|proc|sys|usr|bin|sbin|opt')
-	input=( "/boot" "/etc" "/lib" "/usr" "/bin" "/sbin" "/opt" )
+	input=( "/boot" "/dev" "/etc" "/lib" "/proc" "/sys" "/usr" "/bin" "/sbin" "/opt" )
+
 	        for i in "${input[@]}"
         	do
         		var=$(echo $output_1 | grep -E "(^| )$i( |$)")
@@ -254,6 +255,41 @@ test_5_24() {
 
 }
 
+test_5_24_1() {
+
+        local testid="5.24.1"
+        local desc="Ensure that CPU cgroup restrictions are enabled"
+        local check="$testid - $desc"
+	local output
+
+	output=$(DobbyTool info $containername | grep  -E 'cpu|percpu') 
+	if [ "$output" == "" ]; then
+		fail "$check"
+		return
+	fi
+
+	pass "$check"
+
+}
+
+test_5_24_2() {
+
+        local testid="5.24.2"
+        local desc="Ensure that GPU cgroup restrictions are enabled in supported platforms (Only supported for Mali patforms)"
+        local check="$testid - $desc"
+        local output
+
+        output=$(DobbyTool info $containername | grep "gpu")
+        if [ "$output" == "" ]; then
+                fail "$check"
+                return
+        fi
+
+        pass "$check"
+
+}
+
+
 test_5_28() {
 	local testid="5.28"
 	local desc="Ensure that the PIDs cgroup limit is used"