Ensure that TLS CA certificate file permissions are set to 444 or more restrictive Details Verify that the TLS CA certificate file (the file that is passed along with the --tlscacert parameter) has permissions of 444...
Ensure the default ulimit is configured appropriately Details Set the default ulimit options as appropriate in your environment. Rationale: ulimit provides control over the resources available to...
Ensure the logging level is set to ‘info’ Details Set Docker daemon log level to info. Rationale: Setting up an appropriate log level configures the Docker daemon to...
Ensure TLS authentication for Docker daemon is configured --tlscacert Details It is possible to make the Docker daemon listen on a specific IP and port and any other...
Ensure TLS authentication for Docker daemon is configured --tlscert Details It is possible to make the Docker daemon listen on a specific IP and port and any other...
Ensure TLS authentication for Docker daemon is configured --tlskey Details It is possible to make the Docker daemon listen on a specific IP and port and any other...
Ensure TLS authentication for Docker daemon is configured --tlsverify Details It is possible to make the Docker daemon listen on a specific IP and port and any other...
Ensure unnecessary packages are not installed in the container Details Containers tend to be minimal, slimmed-down versions of the operating system. Do not install anything that does...
Ensure update instructions are not used alone in the Dockerfile Details Do not use update instructions such as apt-get update alone or in a single line in the Dockerfile. Rationale:...
Ensure Userland Proxy is Disabled Details The Docker daemon starts a userland proxy service for port forwarding whenever a port is exposed. Where hairpin NAT...