Information
Containers should have as small a footprint as possible, and should not contain unnecessary software packages which could increase their attack surface.
Rationale:
Unnecessary software should not be installed into containers, as doing so increases their attack surface. Only packages strictly necessary for the correct operation of the application being deployed should be installed.
Impact:
None.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
You should not install anything within the container that is not required.
You should consider using a minimal base image rather than the standard Centos, Debian, or Red Hat images if you can. Some of the options available include BusyBox and Alpine.
Not only can this trim your image size considerably, but there would also be fewer pieces of software which could contain vectors for attack.
Default Value:
Not Applicable.