1.1 Create a separate partition for containers | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2 Use the updated Linux Kernel | SYSTEM AND INFORMATION INTEGRITY |
1.3 Harden the container host | CONFIGURATION MANAGEMENT |
1.4 Remove all non-essential services from the host - DPKG | CONFIGURATION MANAGEMENT |
1.4 Remove all non-essential services from the host - RPM | CONFIGURATION MANAGEMENT |
1.4 Remove all non-essential services from the host - Running Processes | CONFIGURATION MANAGEMENT |
1.4 Remove all non-essential services from the host - Sockets | CONFIGURATION MANAGEMENT |
1.5 Keep Docker up to date | SYSTEM AND INFORMATION INTEGRITY |
1.6 Only allow trusted users to control Docker daemon | ACCESS CONTROL |
1.7 Audit docker daemon | AUDIT AND ACCOUNTABILITY |
1.8 Audit Docker files and directories - /var/lib/docker | AUDIT AND ACCOUNTABILITY |
1.9 Audit Docker files and directories - /etc/docker | AUDIT AND ACCOUNTABILITY |
1.10 Audit Docker files and directories - docker.service | AUDIT AND ACCOUNTABILITY |
1.11 Audit Docker files and directories - docker.socket | AUDIT AND ACCOUNTABILITY |
1.12 Audit Docker files and directories - /etc/default/docker | AUDIT AND ACCOUNTABILITY |
1.13 Audit Docker files and directories - /etc/docker/daemon.json | AUDIT AND ACCOUNTABILITY |
1.14 Audit Docker files and directories - /usr/bin/docker-containerd | AUDIT AND ACCOUNTABILITY |
1.15 Audit Docker files and directories - /usr/bin/docker-runc | AUDIT AND ACCOUNTABILITY |
6.4 Avoid image sprawl | CONFIGURATION MANAGEMENT |
6.5 Avoid container sprawl | SYSTEM AND INFORMATION INTEGRITY |
CIS_Docker_1.11.0_v1.0.0_L1_Linux.audit Level 1 Linux | |