CIS Docker v1.2.0 L1 Docker Linux

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Docker v1.2.0 L1 Docker Linux

Updated: 7/20/2021

Authority: CIS

Plugin: Unix

Revision: 1.8

Estimated Item Count: 89

Audit Items

Description | Categories

2.1 Ensure network traffic is restricted between containers on the default bridge | SYSTEM AND COMMUNICATIONS PROTECTION
2.2 Ensure the logging level is set to 'info' - daemon.json | AUDIT AND ACCOUNTABILITY
2.2 Ensure the logging level is set to 'info' - dockerd | AUDIT AND ACCOUNTABILITY
2.3 Ensure Docker is allowed to make changes to iptables - daemon.json | SYSTEM AND COMMUNICATIONS PROTECTION
2.3 Ensure Docker is allowed to make changes to iptables - dockerd | SYSTEM AND COMMUNICATIONS PROTECTION
2.4 Ensure insecure registries are not used | SYSTEM AND INFORMATION INTEGRITY
2.5 Ensure aufs storage driver is not used | CONFIGURATION MANAGEMENT
2.6 Ensure TLS authentication for Docker daemon is configured - tlscacert |
2.6 Ensure TLS authentication for Docker daemon is configured - tlscert |
2.6 Ensure TLS authentication for Docker daemon is configured - tlskey |
2.6 Ensure TLS authentication for Docker daemon is configured - tlsverify |
2.7 Ensure the default ulimit is configured appropriately - daemon.json nofile hard |
2.7 Ensure the default ulimit is configured appropriately - daemon.json nofile soft |
2.7 Ensure the default ulimit is configured appropriately - daemon.json nproc hard |
2.7 Ensure the default ulimit is configured appropriately - daemon.json nproc soft |
2.7 Ensure the default ulimit is configured appropriately - ps |
2.13 Ensure live restore is enabled | SYSTEM AND COMMUNICATIONS PROTECTION
2.14 Ensure Userland Proxy is Disabled |
2.16 Ensure that experimental features are not implemented in production | SYSTEM AND COMMUNICATIONS PROTECTION
2.17 Ensure containers are restricted from acquiring new privileges |
3.1 Ensure that the docker.service file ownership is set to root:root | CONFIGURATION MANAGEMENT
3.2 Ensure that docker.service file permissions are appropriately set | CONFIGURATION MANAGEMENT
3.3 Ensure that docker.socket file ownership is set to root:root | CONFIGURATION MANAGEMENT
3.4 Ensure that docker.socket file permissions are set to 644 or more restrictive | CONFIGURATION MANAGEMENT
3.5 Ensure that the /etc/docker directory ownership is set to root:root | CONFIGURATION MANAGEMENT
3.6 Ensure that /etc/docker directory permissions are set to 755 or more restrictively | CONFIGURATION MANAGEMENT
3.7 Ensure that registry certificate file ownership is set to root:root | CONFIGURATION MANAGEMENT
3.8 Ensure that registry certificate file permissions are set to 444 or more restrictively | CONFIGURATION MANAGEMENT
3.9 Ensure that TLS CA certificate file ownership is set to root:root | CONFIGURATION MANAGEMENT
3.10 Ensure that TLS CA certificate file permissions are set to 444 or more restrictively | CONFIGURATION MANAGEMENT
3.11 Ensure that Docker server certificate file ownership is set to root:root | CONFIGURATION MANAGEMENT
3.12 Ensure that the Docker server certificate file permissions are set to 444 or more restrictively | CONFIGURATION MANAGEMENT
3.13 Ensure that the Docker server certificate key file ownership is set to root:root | CONFIGURATION MANAGEMENT
3.14 Ensure that the Docker server certificate key file permissions are set to 400 | CONFIGURATION MANAGEMENT
3.15 Ensure that the Docker socket file ownership is set to root:docker | CONFIGURATION MANAGEMENT
3.16 Ensure that the Docker socket file permissions are set to 660 or more restrictively | CONFIGURATION MANAGEMENT
3.17 Ensure that the daemon.json file ownership is set to root:root | CONFIGURATION MANAGEMENT
3.18 Ensure that daemon.json file permissions are set to 644 or more restrictive | CONFIGURATION MANAGEMENT
3.19 Ensure that the /etc/default/docker file ownership is set to root:root | CONFIGURATION MANAGEMENT
3.20 Ensure that the /etc/sysconfig/docker file ownership is set to root:root | CONFIGURATION MANAGEMENT
3.21 Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively | CONFIGURATION MANAGEMENT
3.22 Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively | CONFIGURATION MANAGEMENT
4.1 Ensure that a user for the container has been created | CONFIGURATION MANAGEMENT
4.2 Ensure that containers use only trusted base images |
4.3 Ensure that unnecessary packages are not installed in the container |
4.4 Ensure images are scanned and rebuilt to include security patches |
4.6 Ensure that HEALTHCHECK instructions have been added to container images | CONFIGURATION MANAGEMENT
4.7 Ensure update instructions are not used alone in the Dockerfile |
4.9 Ensure that COPY is used instead of ADD in Dockerfiles |
4.10 Ensure secrets are not stored in Dockerfiles |