Add HEALTHCHECK instruction to the container image
Details Add HEALTHCHECK instruction in your docker container images to perform thehealth check on running containers. Rationale: One of the...
- Home
- Security Hardening
- CIS Docker 1.13.0 V1.0.0 L1 Docker
CIS Docker 1.13.0 V1.0.0 L1 Docker
Allow Docker to make changes to iptables
Details Iptables are used to set up, maintain, and inspect the tablesof IP packet filter rules in the Linux kernel....Apply a daemon-wide custom seccomp profile, if needed
Details You can choose to apply your custom seccomp profile at the daemon-wide levelif needed and override Docker’s default seccomp...Avoid experimental features in production
Details Avoid experimental features in production. Rationale: Experimental is now a runtime docker daemon flag instead of a separate build....Bind swarm services to a specific host interface
Details By default, the docker swarm services will listen to all interfaces on the host, which may not be necessary...Configure TLS authentication for Docker daemon –tlscacert
Details It is possible to make the Docker daemon to listen on a specific IP and port and any other...Configure TLS authentication for Docker daemon –tlscert
Details It is possible to make the Docker daemon to listen on a specific IP and port and any other...Configure TLS authentication for Docker daemon –tlskey
Details It is possible to make the Docker daemon to listen on a specific IP and port and any other...Configure TLS authentication for Docker daemon –tlsverify
Details It is possible to make the Docker daemon to listen on a specific IP and port and any other...Control the number of manager nodes in a swarm
Details Ensure that the minimum number of required manager nodes is created in a swarm. Rationale: Manager nodes within a...