
Query: exec_swarm_services_bound_to_specific_host_interface

Usage

powerpipe query docker_compliance.query.exec_swarm_services_bound_to_specific_host_interface

Steampipe Tables

SQL

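-- Swarm services should be bound to a specific host interface: when swarm
-- mode is active, the manager port 2377 must not listen on a wildcard
-- address (0.0.0.0, [::], *). A non-empty match from the netstat grep is
-- therefore a finding, not a pass — the original mapping had these two
-- branches inverted.
--
-- All CTEs read the exec plugin's exec_command table. The `command` values
-- are fixed literals that select the matching command run on each
-- connection, so they must stay byte-identical to what the plugin executes.
with hostname as (
    -- one row per connection: the trimmed host name used as the resource id
    select
        btrim(stdout_output, E' \n\r\t') as host,
        _ctx ->> 'connection_name' as host_conn
    from
        exec_command
    where
        command = 'hostname'
),
swarm_status as (
    -- non-empty stdout means `docker info` reported swarm mode as active
    select
        stdout_output,
        _ctx ->> 'connection_name' as conn
    from
        exec_command
    where
        command = 'docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*"'
),
wildcard_listener as (
    -- only evaluated on hosts where swarm is active; non-empty stdout means
    -- port 2377 is listening on a wildcard address (all interfaces).
    -- NOTE(review): the `\\[` in the first grep pattern looks over-escaped,
    -- but `:::2377` already covers the IPv6 wildcard; the literal is kept
    -- unchanged because the plugin matches on it.
    select
        e.stdout_output,
        e._ctx ->> 'connection_name' as conn
    from
        exec_command as e
    inner join swarm_status as s
        on s.conn = e._ctx ->> 'connection_name'
    where
        s.stdout_output <> ''
        and e.command = 'netstat -lnt | grep -e ''\\[::]:2377 '' -e '':::2377'' -e ''*:2377 '' -e '' 0\.0\.0\.0:2377 '''
)
select
    h.host as resource,
    case
        -- swarm inactive: nothing to bind, the control is satisfied
        when s.stdout_output = '' then 'ok'
        -- swarm active and no wildcard listener on 2377
        when w.stdout_output = '' then 'ok'
        -- a wildcard listener was found: services are exposed on all interfaces
        when w.stdout_output <> '' then 'alarm'
        -- no command output for this host (missing row, NULL): fail closed
        else 'alarm'
    end as status,
    case
        when s.stdout_output = '' then h.host || ' Swarm mode not enabled.'
        when w.stdout_output = '' then h.host || ' swarm services are bound to a specific host interface.'
        when w.stdout_output <> '' then h.host || ' swarm services are not bound to a specific host interface.'
        else h.host || ' swarm service binding could not be determined.'
    end as reason,
    h.host_conn as connection_name
from
    hostname as h
    left join swarm_status as s on h.host_conn = s.conn
    left join wildcard_listener as w on s.conn = w.conn;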

Controls

This query is used by the following controls: