Check if docker is running before check containers running Fail2ban or CrowdSec

2025-02-02 16:23:53 +03:00 · 2025-01-13 19:26:15 +01:00 · 2025-01-13 19:26:15 +01:00 · 4acd58cdf1
commit 4acd58cdf1
parent 8efad6a94c
1 changed files with 18 additions and 6 deletions
--- a/vps-audit.sh
+++ b/vps-audit.sh
@ -214,9 +214,15 @@ if dpkg -l | grep -q "fail2ban"; then
 fi

 # Check docker container running fail2ban
-if docker ps -a | awk '{print $2}' | grep "fail2ban"; then
-    IPS_INSTALLED=1
-    docker ps | grep -q "fail2ban" && IPS_ACTIVE=1
+if command -v docker >/dev/null 2>&1; then
+    if systemctl is-active --quiet docker; then
+        if docker ps -a | awk '{print $2}' | grep "fail2ban" >/dev/null 2>&1; then
+            IPS_INSTALLED=1
+            docker ps | grep -q "fail2ban" && IPS_ACTIVE=1
+        fi
+    else
+        check_security "Intrusion Prevention" "WARN" "Docker is instaleld but not running - cannot check for Fail2ban containers"
+    fi
 fi

 if dpkg -l | grep -q "crowdsec"; then
@ -225,9 +231,15 @@ if dpkg -l | grep -q "crowdsec"; then
 fi

 # Check docker container running crowdsec
-if docker ps -a | awk '{print $2}' | grep "crowdsec"; then
-    IPS_INSTALLED=1
-    docker ps | grep -q "crowdsec" && IPS_ACTIVE=1
+if command -v docker >/dev/null 2>&1; then
+    if systemctl is-active --quiet docker; then
+        if docker ps -a | awk '{print $2}' | grep "crowdsec" >/dev/null 2>&1; then
+            IPS_INSTALLED=1
+            docker ps | grep -q "crowdsec" && IPS_ACTIVE=1
+        fi
+    else
+        check_security "Intrusion Prevention" "WARN" "Docker is instaleld but not running - cannot check for CrowdSec containers"
+    fi
 fi

 case "$IPS_INSTALLED$IPS_ACTIVE" in