Item Search

| Name | Audit Name | Plugin | Category |
|---|---|---|---|
| 2.2 Restrict network traffic between containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7 Set default ulimit as appropriate | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10 Set default ulimit as appropriate '--default-ulimit' | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.9 Verify that TLS CA certificate file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.10 Verify that TLS CA certificate file permissions are set to 444 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.17 Verify that daemon.json file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.17 Verify that daemon.json file ownership is set to root:root | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.1 Create a user for the container | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 4.3 Enable Debug Level Daemon Logging - Check if daemon.debug is set to /var/log/connlog | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Capture syslog AUTH Messages - Check if auth.info is set to var/log/authlog | CIS Solaris 10 L1 v5.2 | Unix | |
| 4.4 Rebuild the images to include security patches | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Enable Content trust for Docker | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Verify AppArmor | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.4 Do not use privileged containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.7 Do not map privileged ports within containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Open only needed ports on container | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.12 Mount container's root filesystem as read only | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Mount container's root filesystem as read only | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.18 Override default ulimit at runtime only if needed | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.19 Do not set mount propagation mode to shared | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.19 Do not set mount propagation mode to shared | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.20 Do not share the host's UTS namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.21 Do not disable default seccomp profile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.22 Do not docker exec commands with privileged option | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | |
| 5.25 Restrict container from acquiring additional privileges | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.26 Check container health at runtime | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.28 Use PIDs cgroup limit | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.30 Do not share the host's user namespaces | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| 6.3 Backup container data | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| 6.3 Backup container data | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 6.9 Harden host operating system | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 7.2 Set Password Expiration Parameters on Active Accounts - Check MAXWEEKS is set to 13 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check DICTIONDBDIR is set to /var/passwd | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check MAXREPEATS is set to 0 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check MINDIFF is set to 3 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - MINALPHA is set to 2 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - MINNONALPHA is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.5 Ensure that swarm manager is run in auto-lock mode | CIS Docker v1.8.0 L1 Docker Swarm | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.8 Ensure that CA certificates are rotated as appropriate | CIS Docker v1.8.0 L1 Docker Swarm | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.9 Lock Inactive User Accounts - Check if definact is set to 35. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.labelString' is not set to default string. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |