
Only allow trusted users to control Docker daemon

Details

1. https://docs.docker.com/articles/security/#docker-daemon-attack-surface

2. https://www.andreas-jung.com/contents/on-docker-security-docker-group-considered-harmful

3. http://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/

Solution

Remove any users from the ‘docker’ group that are not trusted. Additionally, do not create a mapping of sensitive directories on host to container volumes.

Impact: Rights to build and execute containers as a normal user would be restricted.

Default Value: Not Applicable
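One way to audit this control, as an added example that is not part of the benchmark text or this page's source: it lists every account in the 'docker' group and reports those missing from a site-defined allowlist. It goes slightly beyond the text by also catching accounts whose primary GID is the docker group, which do not appear in the group's member list. The function names, the allowlist and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit who can control the Docker daemon via the 'docker' group.

# docker_group_members [GROUP_FILE] [PASSWD_FILE]
# Prints one user per line: supplementary members listed in the group file,
# plus accounts whose primary GID in the passwd file is the docker GID.
docker_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "docker" { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0    # no docker group, nothing to report
    {
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# untrusted_docker_users ALLOWLIST [GROUP_FILE] [PASSWD_FILE]
# ALLOWLIST is a space-separated list of trusted user names (site-defined).
untrusted_docker_users() {
    allow=" $1 "
    docker_group_members "$2" "$3" | while IFS= read -r user; do
        case "$allow" in
            *" $user "*) ;;                    # trusted, skip
            *) printf '%s\n' "$user" ;;        # not on the allowlist
        esac
    done
}

# Constructed sample data (not from a real host): 'ci' has docker as its
# primary group and is therefore absent from the member list in the group file.
write_sample() {
    printf '%s\n' 'root:x:0:' 'docker:x:998:alice,bob' 'wheel:x:10:alice' > "$1/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'alice:x:1000:1000::/home/alice:/bin/sh' \
        'bob:x:1001:1001::/home/bob:/bin/sh' \
        'ci:x:1002:998::/home/ci:/bin/sh' > "$1/passwd"
}

tmp=$(mktemp -d)
write_sample "$tmp"
untrusted_docker_users "alice" "$tmp/group" "$tmp/passwd"   # prints bob and ci
rm -rf "$tmp"
```

On a live host, call `untrusted_docker_users` with only the allowlist so it reads `/etc/group` and `/etc/passwd`. A reported supplementary member can be removed with `gpasswd -d <user> docker`; an account with docker as its primary group needs a different primary group assigned with `usermod -g`.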

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.

This control applies to the following type of system: Unix.


Updated on July 16, 2022