CIS Docker 1.12.0 V1.0.0 L1 Docker

Control the number of manager nodes in a swarm

Details

Ensure that the minimum number of required manager nodes is created in a swarm.

Manager nodes within a swarm have control over the swarm and can change its configuration, including its security parameters. Having excessive manager nodes could render the swarm more susceptible to compromise.

If fault tolerance is not required in the manager nodes, a single node should be elected as a manager. If fault tolerance is required, then the smallest practical odd number to achieve the appropriate level of tolerance should be configured.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

If an excessive number of managers is configured, the excess can be demoted to workers using the following command:

    docker node demote <ID>

Where <ID> is the node ID value of the manager to be demoted.

Impact: None

Default Value: A single manager is all that is required to start a given cluster.
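An added example (not part of the benchmark text) that turns the "smallest practical odd number" rule into a check: Raft needs 2f+1 managers to survive the loss of f managers, so the script computes that target and lists non-leader managers beyond it as demotion candidates. The function names and the node IDs in SAMPLE are constructed for illustration; the required tolerance is an input the operator chooses.

```shell
#!/bin/sh
# Added example; function names and sample node IDs are constructed.

# Smallest odd manager count that tolerates $1 manager failures (2f+1).
required_managers() {
    echo $(( 2 * $1 + 1 ))
}

# Classify a manager count ($1) against a required fault tolerance ($2).
manager_verdict() {
    want=$(required_managers "$2")
    if [ "$1" -gt "$want" ]; then echo "excess"
    elif [ "$1" -lt "$want" ]; then echo "insufficient"
    else echo "ok"
    fi
}

# Reads "<node-id> <manager-status>" lines on stdin and prints the IDs of
# non-leader managers in excess of the count needed for tolerance $1.
# Live input can be produced on a manager node with:
#   docker node ls --filter role=manager --format '{{.ID}} {{.ManagerStatus}}'
excess_managers() {
    want=$(required_managers "$1")
    awk -v want="$want" '
        $2 != ""                   { total++ }
        $2 != "" && $2 != "Leader" { cand[++n] = $1 }
        END {
            excess = total - want
            for (i = 1; i <= n && i <= excess; i++) print cand[i]
        }'
}

# Constructed sample: five managers where tolerating one failure is enough.
SAMPLE='n1aaa Leader
n2bbb Reachable
n3ccc Reachable
n4ddd Reachable
n5eee Reachable'

echo "verdict: $(manager_verdict 5 1)"
echo "demotion candidates:"
printf '%s\n' "$SAMPLE" | excess_managers 1
```

Each ID printed is a candidate for the docker node demote command shown above; the script itself changes nothing in the swarm.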

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022