Do not run ssh within containers Details http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/ Solution Uninstall SSH server from the container and use nsenter or any other commands such as docker exec or...
Do not use insecure registries Details http://docs.docker.com/reference/commandline/cli/#insecure-registries Solution Do not use any insecure registries. For example, do not start the Docker daemon as below: $> docker...
Do not use lxc execution driver Details http://docs.docker.com/reference/commandline/cli/#docker-exec-driver-option Solution Do not run the Docker daemon with 'lxc' as execution driver. For example, do not start the Docker...
Do not use privileged containers Details https://docs.docker.com/reference/commandline/cli Solution Do not run container with the --privileged flag. For example, do not start a container as below: $>...
Do not use the aufs storage driver Details http://docs.docker.com/reference/commandline/cli/#daemon-storage-driver-option Solution Do not explicitly use 'aufs' as storage driver. For example, do not start Docker daemon as below: $>...
Open only needed ports on container Details https://docs.docker.com/articles/networking/#binding-ports Solution Fix the Dockerfile of the container image to expose only needed ports by your containerized application. You can...
Rebuild the images to include security patches Details Instead of patching your containers and images, rebuild the images from scratch and instantiate new containers from it. Security...
Restrict Linux Kernel Capabilities within containers Details https://docs.docker.com/articles/security/#linux-kernel-capabilities Solution Execute the below command to add needed capabilities: $> docker run --cap-add={'Capability 1','Capability 2'} For example, $>...
Restrict network traffic between containers Details By default, all network traffic is allowed between containers on the same host. If not desired, restrict all the...
Set default ulimit as appropriate '--default-ulimit' Details http://docs.docker.com/reference/commandline/cli/#default-ulimits Solution Run the docker in daemon mode and pass '--default-ulimit' as argument with respective ulimits as appropriate in...