From 4acd58cdf17607678f2be251e5343a1505c05aa0 Mon Sep 17 00:00:00 2001
From: alvarosaavedrau <cloud@alvarosaavedra.es>
Date: Mon, 13 Jan 2025 19:26:15 +0100
Subject: [PATCH] Check if docker is running before check containers running
 Fail2ban or CrowdSec

---
 vps-audit.sh | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/vps-audit.sh b/vps-audit.sh
index eefe21c..8045a05 100755
--- a/vps-audit.sh
+++ b/vps-audit.sh
@@ -214,9 +214,15 @@ if dpkg -l | grep -q "fail2ban"; then
 fi
 
 # Check docker container running fail2ban
-if docker ps -a | awk '{print $2}' | grep "fail2ban"; then
-    IPS_INSTALLED=1
-    docker ps | grep -q "fail2ban" && IPS_ACTIVE=1
+if command -v docker >/dev/null 2>&1; then
+    if systemctl is-active --quiet docker; then
+        if docker ps -a | awk '{print $2}' | grep "fail2ban" >/dev/null 2>&1; then
+            IPS_INSTALLED=1
+            docker ps | grep -q "fail2ban" && IPS_ACTIVE=1
+        fi
+    else
+        check_security "Intrusion Prevention" "WARN" "Docker is instaleld but not running - cannot check for Fail2ban containers"
+    fi
 fi
 
 if dpkg -l | grep -q "crowdsec"; then
@@ -225,9 +231,15 @@ if dpkg -l | grep -q "crowdsec"; then
 fi
 
 # Check docker container running crowdsec
-if docker ps -a | awk '{print $2}' | grep "crowdsec"; then
-    IPS_INSTALLED=1
-    docker ps | grep -q "crowdsec" && IPS_ACTIVE=1
+if command -v docker >/dev/null 2>&1; then
+    if systemctl is-active --quiet docker; then
+        if docker ps -a | awk '{print $2}' | grep "crowdsec" >/dev/null 2>&1; then
+            IPS_INSTALLED=1
+            docker ps | grep -q "crowdsec" && IPS_ACTIVE=1
+        fi
+    else
+        check_security "Intrusion Prevention" "WARN" "Docker is instaleld but not running - cannot check for CrowdSec containers"
+    fi
 fi
 
 case "$IPS_INSTALLED$IPS_ACTIVE" in