Configure centralized and remote logging Details https://docs.docker.com/engine/admin/logging/overview/ Solution Step 1- Set up the desired log driver by following its documentation. Step 2- Start the docker daemon with...
Confirm default cgroup usage Details https://docs.docker.com/engine/reference/commandline/daemon/ Solution The default setting is good enough and can be left as-is. If you want to specifically set...
Do not change base device size until needed Details https://docs.docker.com/engine/reference/commandline/daemon/#storage-driver-options NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance. Solution Do not...
Do not docker exec commands with privileged option Details Do not docker exec with --privileged option. Using --privileged option in docker exec gives extended Linux capabilities to the command....
Do not docker exec commands with user option Details Do not docker exec with --user option. Using --user option in docker exec executes the command within the container as...
Enable Content trust for Docker Details https://docs.docker.com/engine/security/trust/content_trust/ 2. https://docs.docker.com/engine/reference/commandline/cli/#notary 3. https://docs.docker.com/engine/reference/commandline/cli/#environment-variables Solution To enable content trust in a bash shell, enter the following command- export DOCKER_CONTENT_TRUST=1 Alternatively, set this...
Enable user namespace support Details http://man7.org/linux/man-pages/man7/user_namespaces.7.html 2. https://docs.docker.com/engine/reference/commandline/daemon/ 3. http://events.linuxfoundation.org/sites/events/files/slides/User%20Namespaces%20-%20ContainerCon%202015%20-%2016-9-final_0.pdf 4. https://github.com/docker/docker/issues/21050 NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance....
Use authorization plugin Details https://docs.docker.com/engine/reference/commandline/daemon/#access-authorization 2. https://docs.docker.com/engine/extend/authorization/ 3. https://github.com/twistlock/authz Solution Step 1- Install/Create an authorization plugin. Step 2- Configure the authorization policy as desired. Step 3- Start...
Verify AppArmor Details AppArmor is an effective and easy-to-use Linux application security system. It is available on quite a few Linux distributions...
Verify SELinux security options, if applicable Details http://docs.docker.com/articles/security/#other-kernel-security-features 2. http://docs.docker.com/reference/run/#security-configuration 3. http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/ NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target...