
Query: exec_permissions_660_docker_sock

Usage

powerpipe query docker_compliance.query.exec_permissions_660_docker_sock

Steampipe Tables

SQL

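-- Reports the permission bits of /var/run/docker.sock on every host reachable
-- through the exec plugin. One row per host:
--   resource        - trimmed output of `hostname`
--   status          - 'skip' when stat reports the path missing,
--                     'ok' when the permission output contains 660,
--                     'alarm' otherwise
--   reason          - human-readable explanation, prefixed with the hostname
--   connection_name - the exec connection the commands ran on
--
-- The OS is detected first (`uname -s`) so that only the stat flavour that
-- matches the host is evaluated:
--   Linux  -> stat -c %a  : bare permission bits, e.g. 660
--   Darwin -> stat -f %Op : type and permission bits together in octal, which
--             is why the status check below is a substring match, not equality
--             (an exact comparison would never hit on Darwin).
with os_output as (
  select
    btrim(stdout_output, E' \n\r\t') as os,
    _ctx ->> 'connection_name' as os_conn
  from
    exec_command
  where
    command = 'uname -s'
),
hostname as (
  select
    btrim(stdout_output, E' \n\r\t') as host,
    _ctx ->> 'connection_name' as host_conn,
    _ctx
  from
    exec_command
  where
    command = 'hostname'
),
-- stat output for hosts whose `uname -s` came back as Linux (same connection).
linux_output as (
  select
    c.stdout_output,
    c.stderr_output,
    c._ctx ->> 'connection_name' as conn
  from
    exec_command as c
    inner join os_output as os
      on os.os_conn = c._ctx ->> 'connection_name'
  where
    os.os = 'Linux'
    and c.command = 'stat -c %a /var/run/docker.sock'
),
-- stat output for hosts whose `uname -s` came back as Darwin (same connection).
darwin_output as (
  select
    c.stdout_output,
    c.stderr_output,
    c._ctx ->> 'connection_name' as conn
  from
    exec_command as c
    inner join os_output as os
      on os.os_conn = c._ctx ->> 'connection_name'
  where
    os.os = 'Darwin'
    and c.command = 'stat -f %Op /var/run/docker.sock'
),
-- The two OS-specific branches are disjoint by construction, so no dedup.
command_output as (
  select stdout_output, stderr_output, conn from darwin_output
  union all
  select stdout_output, stderr_output, conn from linux_output
)
select
  h.host as resource,
  case
    -- stat(1) reports a missing path on stderr; the check does not apply then.
    when o.stderr_output like '%No such file or directory%' then 'skip'
    -- Substring match on purpose: Darwin's %Op output carries the file-type
    -- bits in front of the permission bits. Note this also accepts values
    -- such as 2660; tighten here if that is not acceptable for your policy.
    when o.stdout_output like '%660%' then 'ok'
    else 'alarm'
  end as status,
  case
    -- The hostname is only ever prefixed to the message text, never folded
    -- into the LIKE pattern: the pattern must start with a wildcard to match
    -- stat's stderr, and command output should not be able to alter a
    -- pattern through '%' or '_' in the first place.
    when o.stderr_output like '%No such file or directory%'
      then h.host || ' recommendation is not applicable as the file is unavailable.'
    -- coalesce keeps the reason non-NULL when stat produced no stdout at all.
    else h.host || ' docker.socket file permission set to '
      || coalesce(btrim(o.stdout_output, E' \n\r\t'), '') || '.'
  end as reason,
  h._ctx ->> 'connection_name' as connection_name
from
  hostname as h
  -- os_output is joined only to require a detected OS for the connection.
  inner join os_output as os
    on os.os_conn = h.host_conn
  inner join command_output as o
    on o.conn = h.host_conn;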

Controls

The query is being used by the following controls: