Do not enable swarm mode, if not needed

Details

Do not enable swarm mode on a Docker engine instance unless it is needed.

By default, a Docker engine instance does not listen on any network ports; all communication with the client goes over the Unix socket. When swarm mode is enabled on a Docker engine instance, multiple network ports are opened on the system and exposed to other systems on the network for cluster management and node communication.

Opening network ports on a system increases its attack surface and should be avoided unless required.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

If swarm mode has been enabled on a system in error, run:

docker swarm leave

On a manager node the command refuses to run without --force (docker swarm leave --force), because removing a manager can break the cluster's quorum. Afterwards, confirm that the engine reports inactive for docker info --format '{{ .Swarm.LocalNodeState }}'.

Impact

None.

Default Value

By default, Docker swarm mode is not enabled.
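The following POSIX shell script is an added example, not code from the Tenable article or the CIS Docker benchmark. It implements the audit side of this control: it evaluates the value printed by docker info --format '{{ .Swarm.LocalNodeState }}' and scans headerless ss -lntuH output for the swarm ports. The port list (2377/tcp, 7946/tcp and udp, 4789/udp) comes from Docker's documentation and is an assumption here, since the article does not name the ports; the ss sample embedded in the script is constructed.

```shell
#!/bin/sh
# Audit helper for "Do not enable swarm mode, if not needed".
# Added example, not code from the Tenable article or the CIS Docker benchmark.
# The live check needs the Docker CLI; the evaluation functions take text input,
# so they also run without a Docker engine present.

# Swarm ports documented by Docker (assumption: the article does not name them):
#   2377/tcp cluster management, 7946/tcp+udp node communication, 4789/udp overlay (VXLAN).
SWARM_PORTS="tcp/2377 tcp/7946 udp/7946 udp/4789"

# Evaluate the value printed by: docker info --format '{{ .Swarm.LocalNodeState }}'
# Returns 0 (compliant) only for "inactive"; "active", "pending", "locked" and "error"
# all mean the engine is participating in, or has been configured for, a swarm.
evaluate_swarm_state() {
    state=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
    case "$state" in
        inactive) return 0 ;;
        *)        return 1 ;;
    esac
}

# Read headerless `ss -lntuH` output on stdin and print the swarm ports that are
# listening, space separated (empty output means none of them are open).
listening_swarm_ports() {
    found=""
    while read -r proto _state _recvq _sendq laddr _peer _rest; do
        port=${laddr##*:}            # works for 0.0.0.0:2377, *:2377 and [::]:2377
        for p in $SWARM_PORTS; do
            [ "$p" = "$proto/$port" ] && found="$found $proto/$port"
        done
    done
    printf '%s\n' "${found# }"
}

# Constructed sample of `ss -lntuH` output from a node that has joined a swarm.
SAMPLE_SS_OUTPUT='tcp   LISTEN 0      128        0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0      4096             *:2377          *:*
udp   UNCONN 0      0          0.0.0.0:4789    0.0.0.0:*'

# Offline demonstration against the constructed sample; prints "tcp/2377 udp/4789".
demo_offline() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | listening_swarm_ports
}

# Live audit against the local engine. Exit status: 0 pass, 1 fail, 2 could not query.
audit_docker_swarm() {
    state=$(docker info --format '{{ .Swarm.LocalNodeState }}' 2>/dev/null) || {
        echo "ERROR: unable to query the Docker engine"; return 2; }
    if evaluate_swarm_state "$state"; then
        echo "PASS: swarm mode is $state"
    else
        echo "FAIL: swarm mode is $state"
        echo "      remediate with 'docker swarm leave' (add --force on a manager node)"
        echo "      open swarm ports: $(ss -lntuH 2>/dev/null | listening_swarm_ports)"
        return 1
    fi
}

# Run the live audit only when explicitly asked, so sourcing the file stays side-effect free.
if [ "${1-}" = "--live" ]; then
    audit_docker_swarm
fi
```

Run it as sh swarm_audit.sh --live on the host being assessed; a passing node prints PASS and exits 0, and a node that is still a swarm member exits 1 together with the swarm ports it is currently exposing, which is the evidence an auditor would attach to the finding.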

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

References

Source

Updated on July 16, 2022