Class: DockerStorageDriverAufs

Inherits:

Dockscan::Modules::AuditModule

• Object
• Dockscan::Modules::GenericModule
• Dockscan::Modules::AuditModule
• DockerStorageDriverAufs

Defined in:

lib/dockscan/modules/audit/docker-storage-driver-aufs.rb

Instance Attribute Summary

Attributes inherited from Dockscan::Modules::AuditModule

#scandata

Instance Method Summary

• #check(dockercheck) ⇒ Object
• #info ⇒ Object

Methods inherited from Dockscan::Modules::AuditModule

#idcontainer

Methods inherited from Dockscan::Modules::GenericModule

inherited, modules

Instance Method Details

#check(dockercheck) ⇒ Object

# File 'lib/dockscan/modules/audit/docker-storage-driver-aufs.rb', line 7

def check(dockercheck)
	sp=Dockscan::Scan::Plugin.new
	si=Dockscan::Scan::Issue.new
	si.title="Running aufs as storage driver"
	si.description="Docker daemon reports it is running aufs as storage driver.\nThis is not recommended for production as it might have problems and security issues."
	si.solution="It is recommended to use devicemapper instead of aufs storage driver. Actually, you should use the storage driver that is best supported by your vendor."
	si.severity=4 # Low
	si.risk = { "cvss" => 3.2 } 
	si.reflinks = {"Switching Docker from aufs to devicemapper" => "http://muehe.org/posts/switching-docker-from-aufs-to-devicemapper/"}
	si.references = {"CIS" => "2.7 Do not use the aufs storage driver" }
	sp.vuln=si	
	if scandata.key?("GetDockerInfo") and scandata["GetDockerInfo"].obj.key?("Driver")
		sp.state="run"
		if scandata["GetDockerInfo"].obj["Driver"] == true then
			sp.output = "Docker daemon reports it is running aufs as storage driver."
			sp.state="vulnerable"
		end
	end
	return sp
end

#info ⇒ Object

# File 'lib/dockscan/modules/audit/docker-storage-driver-aufs.rb', line 3

def info
	return 'This plugin checks if storage driver is aufs'
end