6.7 Avoid container sprawl

Information

Do not keep a large number of containers on the same host.

The flexibility of containers makes it easy to run many instances of an application, and in
practice this leaves a host running containers built from images at different security patch
levels. Every idle or forgotten container also consumes host resources that could otherwise
serve containers doing useful work. Once the number of containers on a host exceeds what can
be managed, the host becomes prone to mishandling, misconfiguration and fragmentation. Thus,
avoid container sprawl and keep the number of containers on a host to a manageable total.

Solution

Periodically list the container inventory on each host (docker ps -a shows stopped containers
as well as running ones) and remove the containers that are no longer needed using the
command below:

$> docker rm $INSTANCE_ID

For example,
$> docker rm e3a7a1a97c58

Note that docker rm only removes a stopped container; a container that is still running must
be stopped first, or removed with docker rm -f, which kills it.
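The audit described above, as an added example that is not part of the CIS benchmark or of Docker itself. In production the inventory would come from docker ps -a --format '{{.ID}}|{{.Names}}|{{.Status}}|{{.Image}}'; here a constructed sample stands in for that output so the script runs without a Docker daemon, and every container ID, name and image in it is hypothetical. The script counts containers against a per-host limit, lists image repositories present at more than one tag (the mixed patch levels the benchmark warns about) and prints, rather than executes, the docker rm commands for the stopped containers.

```shell
#!/bin/sh
# Added example (not from the CIS benchmark): audit one host's container
# inventory for sprawl. Real input comes from
#   docker ps -a --format '{{.ID}}|{{.Names}}|{{.Status}}|{{.Image}}'
# The constructed sample below stands in for that output; all IDs, names
# and images are hypothetical.

SAMPLE_INVENTORY='e3a7a1a97c58|web-1|Up 3 days|nginx:1.25
4b2f9c1d0a77|web-old|Exited (0) 6 weeks ago|nginx:1.19
9f0e8d7c6b5a|db|Up 3 days|postgres:15
1a2b3c4d5e6f|batch-tmp|Exited (137) 2 months ago|python:3.8
7c8d9e0f1a2b|cache|Up 1 hour|redis:7'

# Total number of containers (running or not) in the inventory.
count_containers() {
    printf '%s\n' "$1" | grep -c .
}

# IDs of containers that are not running. Only these are safe targets for a
# plain "docker rm"; a running container must be stopped first (or removed
# with "docker rm -f", which kills it).
stale_ids() {
    printf '%s\n' "$1" | awk -F'|' '$3 ~ /^(Exited|Created|Dead)/ { print $1 }'
}

# Image repositories present at more than one tag on the host, i.e. the
# "varying security patch levels" the benchmark warns about.
# Assumes image references of the form repo:tag (no registry port).
mixed_versions() {
    printf '%s\n' "$1" | awk -F'|' '
        { n = split($4, a, ":"); tag = (n > 1) ? a[2] : "latest"
          key = a[1] SUBSEP tag
          if (!(key in seen)) { seen[key] = 1; cnt[a[1]]++ } }
        END { for (r in cnt) if (cnt[r] > 1) print r }' | sort
}

# Succeeds (exit 0) when the host holds at most $2 containers.
check_sprawl() {
    [ "$(count_containers "$1")" -le "$2" ]
}

# Removal commands for the stale containers, printed rather than executed
# so an operator can review them before running.
rm_commands() {
    stale_ids "$1" | sed 's/^/docker rm /'
}

report() {
    inventory=$1; max=$2
    echo "containers on host: $(count_containers "$inventory") (limit $max)"
    check_sprawl "$inventory" "$max" || echo "WARNING: container count exceeds limit"
    echo "images present at more than one tag:"
    mixed_versions "$inventory" | sed 's/^/  /'
    echo "cleanup candidates:"
    rm_commands "$inventory" | sed 's/^/  /'
}

report "$SAMPLE_INVENTORY" 4
```

On a real host, replace SAMPLE_INVENTORY with the docker ps output quoted in the lead-in and pipe the printed docker rm lines into sh only after reviewing them; docker container prune removes all stopped containers in one step if no review is needed.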

Impact: If you keep too few containers per host, you may be under-utilizing your host
resources.

Default Value: By default, Docker does not restrict the number of containers you may have on a host.

See Also

https://workbench.cisecurity.org/files/514

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2c.

Plugin: Unix

Control ID: f521419a2e6f4e767784baca1a3523f70b47859944d22ef0ff1115038ef1d1c3