Allow Docker to make changes to iptables Details iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux...
Configure TLS authentication for Docker daemon '--tlscacert' Details It is possible to make the Docker daemon listen on a specific IP and port, and any other...
Configure TLS authentication for Docker daemon '--tlscert' Details It is possible to make the Docker daemon listen on a specific IP and port, and any other...
Configure TLS authentication for Docker daemon '--tlskey' Details It is possible to make the Docker daemon listen on a specific IP and port, and any other...
Configure TLS authentication for Docker daemon '--tlsverify' Details It is possible to make the Docker daemon listen on a specific IP and port, and any other...
Create a user for the container Details https://github.com/docker/docker/issues/7906 Solution Ensure that the Dockerfile for the container image contains the instruction USER <username or ID>, where username or ID refers to...
Do not bind Docker to another IP/Port or a Unix socket Details https://docs.docker.com/articles/basics/#bind-docker-to-another-hostport-or-a-unix-socket Solution Do not bind the Docker daemon to any IP and port or to a non-default Unix socket. For example,...
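The three daemon-level items above (iptables management, the four TLS flags, and the -H/--host bindings) can all be checked from the dockerd command line. The following is an added example written for this page, not code from the original page or from Docker; it audits a dockerd command line given as a string, so it runs offline on the constructed samples at the bottom. Which listeners count as "default" (the standard Unix socket or an fd:// socket handed over by systemd), and the choice to report a TLS-protected TCP listener as a warning rather than a failure, are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of the original page): audit a dockerd command line
# against the daemon-level items listed above (iptables management, TLS flags and
# -H/--host bindings). It works on a plain string so it runs offline against the
# constructed samples below; on a live host you would feed it:
#   audit_dockerd_cmdline "$(ps -o args= -C dockerd)"

# Listeners this example accepts as "default" (an assumption of the example):
# the standard Unix socket, or a socket passed in by systemd via fd://.
is_default_host() {
    case "$1" in
        unix://|unix:///var/run/docker.sock|fd://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one FAIL line per finding (plus advisory WARN lines) and returns the
# number of FAIL findings, so callers can use the exit status directly.
audit_dockerd_cmdline() {
    findings=0 tcp_bound=0 pending=""
    have_tlsverify=0 have_tlscacert=0 have_tlscert=0 have_tlskey=0
    set -- $1                     # re-split the command line into tokens
    for tok in "$@"; do
        # Option values may be a separate token ("-H tcp://...") or joined with "=".
        if [ -n "$pending" ]; then
            opt=$pending; val=$tok; pending=""
        else
            case "$tok" in
                -H|--host) pending=$tok; continue ;;
                *=*) opt=${tok%%=*}; val=${tok#*=} ;;
                *) opt=$tok; val="" ;;
            esac
        fi
        case "$opt" in
            --iptables)
                # dockerd manages iptables by default; --iptables=false turns that off
                if [ "$val" = "false" ]; then
                    echo "FAIL: Docker is not allowed to manage iptables (--iptables=false)"
                    findings=$((findings + 1))
                fi ;;
            -H|--host)
                case "$val" in
                    tcp://*) tcp_bound=1 ;;
                    *) if ! is_default_host "$val"; then
                           echo "FAIL: daemon bound to a non-default socket: $val"
                           findings=$((findings + 1))
                       fi ;;
                esac ;;
            --tlsverify) if [ "$val" != "false" ]; then have_tlsverify=1; fi ;;
            --tlscacert) have_tlscacert=1 ;;
            --tlscert)   have_tlscert=1 ;;
            --tlskey)    have_tlskey=1 ;;
        esac
    done

    # A TCP listener is only acceptable with the full mutual-TLS configuration.
    if [ "$tcp_bound" -eq 1 ]; then
        missing=0
        for f in tlsverify:$have_tlsverify tlscacert:$have_tlscacert tlscert:$have_tlscert tlskey:$have_tlskey; do
            if [ "${f#*:}" -eq 0 ]; then
                echo "FAIL: TCP listener configured without --${f%%:*}"
                missing=$((missing + 1))
            fi
        done
        findings=$((findings + missing))
        if [ "$missing" -eq 0 ]; then
            echo "WARN: daemon listens on TCP with TLS; expose the API over TCP only where remote access is really needed"
        fi
    fi
    return "$findings"
}

# Constructed samples (not captured from a real host) for a stand-alone run.
for sample in \
    "dockerd -H fd:// --containerd=/run/containerd/containerd.sock" \
    "dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --iptables=false" \
    "dockerd -H tcp://10.0.0.5:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem"
do
    echo "== $sample"
    rc=0; audit_dockerd_cmdline "$sample" || rc=$?
    echo "-> $rc finding(s)"
done
```

The second sample is the classic unauthenticated 2375 listener: it produces five findings (iptables disabled plus all four TLS flags absent). The third sample passes the TLS items but still gets a warning, because a TCP listener is only worth having when remote API access is actually required. A `--tlsverify=false` is treated as the flag being absent, since it disables client certificate checking.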
Do not install unnecessary packages in the container Details Containers tend to be minimal, slimmed-down versions of the operating system. Do not install anything that does...
Do not map privileged ports within containers Details The TCP/IP port numbers below 1024 are considered privileged ports. Normal users and processes are not allowed to use...
Do not mount sensitive host system directories on containers Details https://docs.docker.com/userguide/dockervolumes Solution Do not mount sensitive host directories on containers, especially in read-write mode. Impact-None. Default Value-Docker defaults to...
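The container-level items above (a non-root USER in the Dockerfile, no privileged host ports in port mappings, and no sensitive host directories bind-mounted, read-write in particular) can be checked with small shell functions. The following is an added example written for this page, not code from the original page or from Docker. It runs offline on constructed inputs; the list of directories treated as sensitive, the handling of read-only mounts as a warning rather than a failure, and the restriction to -p/--publish and -v/--volume arguments are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of the original page): container-level checks for three
# of the items above: the Dockerfile USER instruction, privileged host ports in
# -p/--publish mappings, and sensitive host paths in -v/--volume bind mounts.
# Everything below runs offline on constructed inputs; on a real host the inputs
# would come from the image's Dockerfile and from `docker inspect`.

# Host paths this example treats as sensitive (an assumption of the example; the
# page itself does not list them). A path equal to or below any of these is flagged.
SENSITIVE_DIRS="/ /boot /dev /etc /lib /proc /sys /usr"

is_sensitive_path() {
    for d in $SENSITIVE_DIRS; do
        case "$1" in
            "$d"|"$d"/*) return 0 ;;
        esac
    done
    return 1
}

# Returns 0 if the last USER instruction names a non-root user, 1 otherwise
# (no USER at all means the container runs as root).
dockerfile_runs_as_nonroot() {
    u=$(printf '%s\n' "$1" | awk 'toupper($1) == "USER" { user = $2 } END { print user }')
    u=${u%%:*}                       # "USER app:app" -> "app"
    case "$u" in
        ""|root|0) return 1 ;;
        *) return 0 ;;
    esac
}

# Prints FAIL/WARN lines for a `docker run` argument string and returns the FAIL count.
audit_run_args() {
    findings=0 pending=""
    set -- $1
    for tok in "$@"; do
        if [ -n "$pending" ]; then
            opt=$pending; val=$tok; pending=""
        else
            case "$tok" in
                -p|--publish|-v|--volume) pending=$tok; continue ;;
                --publish=*|--volume=*) opt=${tok%%=*}; val=${tok#*=} ;;
                *) continue ;;
            esac
        fi
        case "$opt" in
            -p|--publish)
                spec=${val%%/*}                             # strip a /tcp or /udp suffix
                case "$spec" in
                    *:*:*) hp=${spec#*:}; hp=${hp%%:*} ;;   # ip:hostPort:containerPort
                    *:*)   hp=${spec%%:*} ;;                # hostPort:containerPort
                    *)     continue ;;                      # containerPort only: Docker picks a high host port
                esac
                hp=${hp%%-*}                                # first port of a range
                case "$hp" in ""|*[!0-9]*) continue ;; esac # empty or non-numeric (e.g. IPv6 forms): skip
                if [ "$hp" -lt 1024 ]; then
                    echo "FAIL: container port published on privileged host port $hp ($val)"
                    findings=$((findings + 1))
                fi ;;
            -v|--volume)
                # Only absolute host paths are bind mounts; "name:/path" is a named volume.
                case "$val" in
                    /*:*)
                        src=${val%%:*}
                        rest=${val#*:}
                        mode=rw
                        case "$rest" in
                            *:*) case ",${rest#*:}," in *,ro,*) mode=ro ;; esac ;;
                        esac
                        if is_sensitive_path "$src"; then
                            if [ "$mode" = ro ]; then
                                echo "WARN: sensitive host path $src mounted read-only ($val)"
                            else
                                echo "FAIL: sensitive host path $src mounted read-write ($val)"
                                findings=$((findings + 1))
                            fi
                        fi ;;
                esac ;;
        esac
    done
    return "$findings"
}

# Constructed inputs (not from a real image or host) for a stand-alone run.
GOOD_DOCKERFILE='FROM alpine:3.19
RUN addgroup -S app && adduser -S -G app app
USER app
CMD ["sh"]'
ROOT_DOCKERFILE='FROM alpine:3.19
CMD ["sh"]'

for df in "$GOOD_DOCKERFILE" "$ROOT_DOCKERFILE"; do
    if dockerfile_runs_as_nonroot "$df"; then echo "OK: Dockerfile sets a non-root USER"; else echo "FAIL: Dockerfile runs as root"; fi
done
rc=0; audit_run_args "-d -p 80:80 -v /etc:/host-etc -v /proc:/host/proc:ro nginx" || rc=$?
echo "-> $rc finding(s)"
```

The Dockerfile check only looks at the last USER instruction, so a multi-stage build that drops privileges in an earlier stage but not in the final one is reported as running as root, which is the correct outcome. Bind mounts are recognised by an absolute source path; a read-only mount of /proc or /etc is still surfaced as a warning because it exposes host data even if it cannot modify it.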