5.31 Ensure the Docker socket is not mounted inside any containers

Information

The Docker socket, docker.sock, should not be mounted inside a container.
Rationale:
If the Docker socket is mounted inside a container, any process running within the container can issue Docker commands to the host daemon, which effectively grants full control of the host.

Solution

Ensure that no containers mount docker.sock as a volume.
Impact:
None
Default Value:
By default, docker.sock is not mounted inside containers.
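The following audit script is an added example, not part of this benchmark or of Docker itself. It parses `docker inspect` output and reports every bind mount that exposes the daemon socket; it assumes the standard socket paths /var/run/docker.sock and /run/docker.sock and the Mounts / HostConfig.Binds fields of the inspect JSON, and it is deliberately stricter than the literal control in that it also flags a mount of a parent directory such as /var/run, which exposes the socket just the same.

```python
import json
import os
import sys

# Host paths where the Docker daemon's Unix socket normally lives (assumption).
DOCKER_SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")


def exposes_socket(host_path: str) -> bool:
    """True if a bind-mount source is the socket itself or a directory that
    contains it (mounting /var/run or / exposes the socket just as directly)."""
    host_path = os.path.normpath(host_path)
    prefix = host_path.rstrip("/") + "/"
    return any(s == host_path or s.startswith(prefix) for s in DOCKER_SOCKET_PATHS)


def find_socket_mounts(inspect_output: str) -> list:
    """Parse `docker inspect` JSON (a list of containers) and return every bind
    mount that exposes the Docker socket as {container, source, destination}."""
    findings = []
    for c in json.loads(inspect_output):
        name = c.get("Name", "").lstrip("/") or c.get("Id", "")[:12]
        binds = [(m.get("Source", ""), m.get("Destination", ""))
                 for m in c.get("Mounts", []) if m.get("Type") == "bind"]
        # HostConfig.Binds ("src:dst[:opts]") holds -v mounts; Mounts usually repeats them.
        for spec in (c.get("HostConfig") or {}).get("Binds") or []:
            parts = spec.split(":")
            if len(parts) >= 2:
                binds.append((parts[0], parts[1]))
        for src, dst in dict.fromkeys(binds):  # de-duplicate, keep order
            if exposes_socket(src):
                findings.append({"container": name, "source": src, "destination": dst})
    return findings


# Constructed sample in the shape of `docker inspect` output: one clean container,
# one mounting the socket, one mounting the whole /var/run directory.
SAMPLE_INSPECT = json.dumps([
    {"Id": "a1" * 32, "Name": "/web", "Mounts": [
        {"Type": "bind", "Source": "/srv/www", "Destination": "/usr/share/nginx/html"}],
     "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"]}},
    {"Id": "b2" * 32, "Name": "/ci-agent", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}],
     "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
    {"Id": "c3" * 32, "Name": "/monitor", "Mounts": [],
     "HostConfig": {"Binds": ["/var/run/:/host/run:ro"]}},
])

if __name__ == "__main__":
    # Audit a live host:  docker inspect $(docker ps -aq) | python3 audit_socket.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for f in find_socket_mounts(data):
        print(f"FAIL {f['container']}: {f['source']} -> {f['destination']}")
```

Any line of output is a finding against this control; an empty result on a host with running containers means no container exposes the socket.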

See Also

https://workbench.cisecurity.org/files/1726

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|9

Plugin: Unix

Control ID: 03ecb5e0adec5f236242a0b92eabf8194949335721636cf410578e4a8a918d6e