Add HEALTHCHECK instruction to the container image
Details Add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.One of the important...
- Home
- Security Hardening
- CIS Docker 1.12.0 V1.0.0 L1 Docker
CIS Docker 1.12.0 V1.0.0 L1 Docker
Allow Docker to make changes to iptables
Details https://docs.docker.com/v1.8/articles/networking/ Solution Do not run the Docker daemon with ‘–iptables=false’ parameter.For example, do not start the Docker daemon as...Bind swarm services to a specific host interface
Details https://docs.docker.com/engine/reference/commandline/swarm_init/#/listen- addr-value 2.https://docs.docker.com/engine/swarm/admin_guide/#/recover-from-disaster NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target...Configure TLS authentication for Docker daemon – tlscacert
Details It is possible to make the Docker daemon to listen on a specific IP and port and any other...Configure TLS authentication for Docker daemon – tlscert
Details It is possible to make the Docker daemon to listen on a specific IP and port and any other...Configure TLS authentication for Docker daemon – tlskey
Details It is possible to make the Docker daemon to listen on a specific IP and port and any other...Configure TLS authentication for Docker daemon -tlsverify
Details It is possible to make the Docker daemon to listen on a specific IP and port and any other...Control the number of manager nodes in a swarm
Details Ensure that the minimum number of required manager nodes is created in a swarm.Manager nodes within a swarm have...Create a user for the container
Details Create a non-root user for the container in the Dockerfile for the container image.It is a good practice to...Disable operations on legacy registry (v1)
Details The latest Docker registry is v2. All operations on the legacy registry version (v1) should be restricted.Docker registry v2...