Information
If the container image does not have a HEALTHCHECK instruction defined, use the --health-cmd parameter at container runtime to check container health.
Rationale:
Availability is one of the three components of the security triad. If the container image you are using does not have a pre-defined HEALTHCHECK instruction, use the --health-cmd parameter to check container health at runtime.
Based on the reported health status, you can take the necessary actions.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Run the container with --health-cmd and the other health check parameters.
For example:
docker run -d --health-cmd='stat /etc/passwd || exit 1' nginx
Impact:
None.
Default Value:
By default, health checks are not done at container runtime.
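To act on the reported health status, the following added example (not part of the benchmark text or Nessus output) lists running containers that have no health check configured or that report unhealthy. The function names, the inspect format template and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag containers whose health is unchecked or failing.

# Assumed template: prints "<name> <status>". "none" means no health check is
# configured (no HEALTHCHECK in the image and no --health-cmd at runtime).
HEALTH_FMT='{{.Name}} {{if .State.Health}}{{.State.Health.Status}}{{else}}none{{end}}'

# Reads "<name> <status>" lines on stdin, prints one finding per container
# that needs attention, and returns 1 if any finding was printed.
# "healthy" and "starting" (check still warming up) are not findings.
classify_health() {
    awk '
        NF < 2            { next }                      # skip blank or short lines
                          { sub(/^\//, "", $1) }        # inspect names start with "/"
        $2 == "none"      { print "NO_HEALTHCHECK " $1; bad = 1; next }
        $2 == "unhealthy" { print "UNHEALTHY " $1; bad = 1; next }
        END               { exit bad }
    '
}

# Audits the local Docker daemon. Not called here, so the example runs offline.
# Returns 0 if compliant, 1 on findings, 2 if docker itself failed.
audit_running_containers() {
    ids=$(docker ps --quiet) || return 2
    [ -z "$ids" ] && return 0
    # $ids is intentionally unquoted: one argument per container ID.
    docker inspect --format "$HEALTH_FMT" $ids | classify_health
}

# Constructed sample of what the template prints for four containers.
sample_inspect_output() {
    cat <<'EOF'
/web healthy
/cache none
/worker unhealthy
/db starting
EOF
}

# Demo on the constructed sample; "|| true" because findings return 1.
sample_inspect_output | classify_health || true
```

On a Docker host, call audit_running_containers instead of the sample and use its exit status in a scheduled check.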