DISA STIG Docker Enterprise 2.x Linux/Unix v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG Docker Enterprise 2.x Linux/Unix v1r1

Updated: 8/30/2021

Authority: DISA STIG

Plugin: Unix

Revision: 1.3

Estimated Item Count: 83

File Details

Filename: DISA_STIG_Docker_Enterprise_2.x_Linux_Unix_v1r1.audit

Size: 201 kB

MD5: 834f18c78396b869e8fc5e6e8e5e6aa1
SHA256: 06cf370c33202abfd59dbd85f7156ce4b1cb970068087c62ee3055292b028c4c

Audit Items

Description / Categories
DISA_STIG_Docker_Enterprise_2.x_Linux_Unix_v1r1.audit from DISA Docker Enterprise 2.x Linux/Unix STIG v1r1
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes. - docker info .SecurityOptions

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set. - docker paths

AUDIT AND ACCOUNTABILITY

DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set. - docker services

AUDIT AND ACCOUNTABILITY

DKER-EE-001190 - Docker Enterprise sensitive host system directories must not be mounted on containers.

AUDIT AND ACCOUNTABILITY

DKER-EE-001240 - The Docker Enterprise hosts process namespace must not be shared.

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-001250 - The Docker Enterprise hosts IPC namespace must not be shared.

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-001370 - log-opts on all Docker Engine - Enterprise nodes must be configured.
DKER-EE-001590 - Docker Enterprise must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

DKER-EE-001770 - Docker Incs official GPG key must be added to the host using the users operating systems respective package repository management tooling.

CONFIGURATION MANAGEMENT

DKER-EE-001800 - The insecure registry capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.

CONFIGURATION MANAGEMENT

DKER-EE-001810 - On Linux, a non-AUFS storage driver in the Docker Engine - Enterprise component of Docker Enterprise must be used.

CONFIGURATION MANAGEMENT

DKER-EE-001830 - The userland proxy capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.
DKER-EE-001840 - Experimental features in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.

CONFIGURATION MANAGEMENT

DKER-EE-001930 - An appropriate AppArmor profile must be enabled on Ubuntu systems for Docker Enterprise.

ACCESS CONTROL

DKER-EE-001940 - SELinux security options must be set on Red Hat or CentOS systems for Docker Enterprise.
DKER-EE-001950 - Linux Kernel capabilities must be restricted within containers as defined in the System Security Plan (SSP) for Docker Enterprise.
DKER-EE-001960 - Privileged Linux containers must not be used for Docker Enterprise.

ACCESS CONTROL

DKER-EE-001970 - SSH must not run within Linux containers for Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-001990 - Only required ports must be open on the containers in Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-002000 - Docker Enterprise hosts network namespace must not be shared.

CONFIGURATION MANAGEMENT

DKER-EE-002010 - Memory usage for all containers must be limited in Docker Enterprise.

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002020 - Docker Enterprise CPU priority must be set appropriately on all containers.

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002030 - All Docker Enterprise containers root filesystem must be mounted as read only.

CONFIGURATION MANAGEMENT

DKER-EE-002040 - Docker Enterprise host devices must not be directly exposed to containers.

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002050 - Mount propagation mode must not set to shared in Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-002060 - The Docker Enterprise hosts UTS namespace must not be shared.

CONFIGURATION MANAGEMENT

DKER-EE-002070 - The Docker Enterprise default seccomp profile must not be disabled.

CONFIGURATION MANAGEMENT

DKER-EE-002080 - Docker Enterprise exec commands must not be used with privileged option.

CONFIGURATION MANAGEMENT

DKER-EE-002090 - Docker Enterprise exec commands must not be used with the user option.

CONFIGURATION MANAGEMENT

DKER-EE-002100 - cgroup usage must be confirmed in Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-002110 - All Docker Enterprise containers must be restricted from acquiring additional privileges.

CONFIGURATION MANAGEMENT

DKER-EE-002120 - The Docker Enterprise hosts user namespace must not be shared.

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002130 - The Docker Enterprise socket must not be mounted inside any containers.

AUDIT AND ACCOUNTABILITY

DKER-EE-002150 - Docker Enterprise privileged ports must not be mapped within containers.

CONFIGURATION MANAGEMENT

DKER-EE-002160 - Docker Enterprise incoming container traffic must be bound to a specific host interface.

CONFIGURATION MANAGEMENT

DKER-EE-002380 - The certificate chain used by Universal Control Plane (UCP) client bundles must match what is defined in the System Security Plan (SSP) in Docker Enterprise.
DKER-EE-002400 - Docker Enterprise Swarm manager must be run in auto-lock mode.

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002410 - Docker Enterprise secret management commands must be used for managing secrets in a Swarm cluster.
DKER-EE-002660 - Docker Secrets must be used to store configuration files and small amounts of user-generated data (up to 500 kb in size) in Docker Enterprise.
DKER-EE-002770 - Docker Enterprise container health must be checked at runtime.

CONFIGURATION MANAGEMENT

DKER-EE-002780 - PIDs cgroup limits must be used in Docker Enterprise.

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-003200 - Docker Enterprise images must be built with the USER instruction to prevent containers from running as root.

ACCESS CONTROL

DKER-EE-003230 - An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR).

AUDIT AND ACCOUNTABILITY

DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP). - max-file

AUDIT AND ACCOUNTABILITY

DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP). - max-size

AUDIT AND ACCOUNTABILITY

DKER-EE-003320 - All Docker Engine - Enterprise nodes must be configured with a log driver plugin that sends logs to a remote log aggregation system (SIEM).

AUDIT AND ACCOUNTABILITY

DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.
DKER-EE-003340 - Log aggregation/SIEM systems must be configured to notify SA and ISSO on Docker Engine - Enterprise audit failure events.