6.5 Avoid container sprawl

Information

Do not keep a large number of containers on the same host.The flexibility of containers makes it easy to run multiple instances of applications and indirectly leads to Docker images that exist at varying security patch levels. It also means that you are consuming host resources that otherwise could have been used for running 'useful' containers. Having more than just the manageable number of containers on a particular host makes the situation vulnerable to mishandling, misconfiguration and fragmentation. Thus, avoid container sprawl and keep the number of containers on a host to a manageable total.

Solution

Periodically check your container inventory per host and clean up the containers that are not needed using the below command-
docker rm $INSTANCE_ID

For example,
docker rm e3a7a1a97c58
Impact-
If you keep way too few number of containers per host, then perhaps you are not utilizing your host resources very adequately.
Default Value-
By default, Docker does not restrict the number of containers you may have on a host.

See Also

https://workbench.cisecurity.org/files/517

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2c.

Plugin: Unix

Control ID: 20019f2999da2a923e56e273f8818d151d743df18c2405b85a44f2539f91bb6a