Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.1 Restrict network traffic between containersCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.7 Set default ulimit as appropriate - default-ulimitCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10 Do not change base device size until neededCIS Docker 1.13.0 v1.0.0 L2 DockerUnix
2.16 Control the number of manager nodes in a swarmCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

2.20 Apply a daemon-wide custom seccomp profile, if neededCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Verify that docker.service file ownership is set to root:rootCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.1 Verify that docker.service file ownership is set to root:rootCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.2 Verify that docker.service file permissions are set to 644 or more restrictiveCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.9 Verify that TLS CA certificate file ownership is set to root:rootCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.9 Verify that TLS CA certificate file ownership is set to root:rootCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.17 Verify that daemon.json file ownership is set to root:rootCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.18 Verify that daemon.json file permissions are set to 644 or more restrictiveCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.18 Verify that daemon.json file permissions are set to 644 or more restrictiveCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.20 Verify that TLS CA certificate file permissions are set to 444 or more restrictiveCIS Docker 1.6 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.3 Do not install unnecessary packages in the containerCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.3 Enable Auditing of File Metadata Modification EventsCIS Oracle Solaris 11.4 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Enable Content trust for DockerCIS Docker 1.12.0 v1.0.0 L2 DockerUnix

SYSTEM AND INFORMATION INTEGRITY

4.7 Do not use update instructions alone in the DockerfileCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.7 Do not use update instructions alone in the DockerfileCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.8 Remove setuid and setgid permissions in the imagesCIS Docker 1.12.0 v1.0.0 L2 DockerUnix
4.8 Remove setuid and setgid permissions in the imagesCIS Docker 1.13.0 v1.0.0 L2 DockerUnix
4.9 Enable Kernel Level Auditing - Check audit policies is set to arge,argv,cntCIS Solaris 10 L1 v5.2Unix

AUDIT AND ACCOUNTABILITY

4.9 Enable Kernel Level Auditing, Check if 'flags:lo,ad,cc' is set in /etc/security/audit_control.CIS Solaris 10 L1 v5.2Unix

AUDIT AND ACCOUNTABILITY

4.10 Do not store secrets in DockerfilesCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.3 Verify that containers are running only a single main processCIS Docker 1.6 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.4 Do not use privileged containersCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

ACCESS CONTROL

5.7 Do not map privileged ports within containersCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.7 Do not map privileged ports within containersCIS Docker 1.11.0 v1.0.0 L1 DockerUnix
5.8 Do not map privileged ports within containersCIS Docker 1.6 v1.0.0 L1 DockerUnix
5.10 Limit memory usage for containerCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.10 Limit memory usage for containerCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.11 Limit memory usage for containerCIS Docker 1.6 v1.0.0 L1 DockerUnix
5.11 Set container CPU priority appropriatelyCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.12 Mount container's root filesystem as read onlyCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.12 Mount container's root filesystem as read onlyCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.14 Set the 'on-failure' container restart policy to 5 - 'MaximumRetryCount'CIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=alwaysCIS Docker 1.11.0 v1.0.0 L1 DockerUnix
5.15 Do not share the host's process namespaceCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.17 Do not share the host's IPC namespaceCIS Docker 1.6 v1.0.0 L1 DockerUnix
5.18 Do not directly expose host devices to containersCIS Docker 1.6 v1.0.0 L1 DockerUnix
5.19 Override default ulimit at runtime only if neededCIS Docker 1.6 v1.0.0 L1 DockerUnix
5.20 Do not share the host's UTS namespaceCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.26 Check container health at runtimeCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.28 Use PIDs cgroup limitCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Monitor Docker containers usage, performance and meteringCIS Docker 1.11.0 v1.0.0 L1 DockerUnix
6.3 Backup container dataCIS Docker 1.12.0 v1.0.0 L1 DockerUnix
6.5 Avoid container sprawlCIS Docker 1.12.0 v1.0.0 L1 LinuxUnix

SYSTEM AND INFORMATION INTEGRITY

7.3 Ensure that all Docker swarm overlay networks are encryptedCIS Docker v1.8.0 L1 Docker SwarmUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure that management plane traffic is separated from data plane trafficCIS Docker v1.8.0 L1 Docker SwarmUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002120 - The Docker Enterprise hosts user namespace must not be shared.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT