Update required programs check to use tr command instead of truncate command #527

@manojrkrish

Issue
I have tried to use docker-bench-security in a custom Linux environment where the 'tr' command is not available. Running docker-bench-security in this environment results in multiple warning messages in different checks.

./functions/helper_lib.sh: line 82: tr: command not found
./functions/helper_lib.sh: line 52: tr: command not found
./functions/helper_lib.sh: line 120: tr: command not found
./tests/1_host_configuration.sh: line 645: tr: command not found
./tests/5_container_runtime.sh: line 120: tr: command not found

Cause
These warnings are logged because the 'tr' command is missing in this environment. Though docker-bench-security has done checks for required programs, it's checking for the 'truncate' command instead of the 'tr' command: https://github.com/docker/docker-bench-security/blob/master/docker-bench-security.sh#L27.

$ truncate --help
Usage: truncate OPTION... FILE...
Shrink or extend the size of each FILE to the specified size
$ tr --help
Usage: tr [OPTION]... SET1 [SET2]
Translate, squeeze, and/or delete characters from standard input,
writing to standard output.

Suggestion
Docker bench security can check for the 'tr' command in the required programs list instead of the 'truncate' command.

Docker Bench Version

# --------------------------------------------------------------------------------------------
# Docker Bench for Security v1.5.0
#
# Docker, Inc. (c) 2015-2023
#
# Checks for dozens of common best-practices around deploying Docker containers in production.
# Based on the CIS Docker Benchmark 1.5.0.
# --------------------------------------------------------------------------------------------

Docker Version

Version:            20.10.14
API version:      1.41 (minimum version 1.12)
Go version:       go1.20.4
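
The gap described in this issue, reproduced as an added example (not part of the original issue and not docker-bench-security code): a preflight list that names truncate passes on a host without tr, while a list that names tr catches it. The function names, the stub directory and the shortened program lists are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from docker-bench-security.

# Print the names from "$2..." that do not resolve when PATH is "$1".
missing_programs() {
  search_path=$1
  shift
  missing=""
  for prog in "$@"; do
    # Resolve in a subshell so the caller's PATH and command hash stay untouched.
    if ! (PATH=$search_path; command -v "$prog") >/dev/null 2>&1; then
      missing="${missing:+$missing }$prog"
    fi
  done
  printf '%s\n' "$missing"
}

# Build a throwaway directory holding empty executable stubs for the given
# names, standing in for a minimal host image. Prints the directory path.
make_stub_path() {
  stub_dir=$(mktemp -d) || return 1
  for name in "$@"; do
    printf '#!/bin/sh\n' > "$stub_dir/$name"
    chmod +x "$stub_dir/$name"
  done
  printf '%s\n' "$stub_dir"
}

# Constructed host: truncate is installed, tr is not (the reporter's situation).
demo_dir=$(make_stub_path awk grep sed truncate)

# Constructed, shortened lists; the project's real list is longer.
listed="awk grep sed truncate"   # what the preflight check names
used="awk grep sed tr"           # what the scripts actually call

echo "missing from listed set: '$(missing_programs "$demo_dir" $listed)'"
echo "missing from used set:   '$(missing_programs "$demo_dir" $used)'"
rm -rf "$demo_dir"
```

For a benchmark tool, a check that silently errors with "command not found" can produce results that do not reflect the host's real state, so the preflight list should match the commands the scripts actually invoke.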
