Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1 Restrict network traffic between containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure network traffic is restricted between containers on the default bridge | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Ensure aufs storage driver is not used | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.7 Set default ulimit as appropriate - default-ulimit | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Enable user namespace support | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | |
| 2.8 Ensure the default ulimit is configured appropriately - daemon.json nofile soft | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.12 Ensure that authorization for Docker client commands is enabled - dockerd | CIS Docker v1.6.0 L2 Docker Linux | Unix | |
| 2.16 Control the number of manager nodes in a swarm | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.16 Ensure Userland Proxy is Disabled | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.16 Ensure Userland Proxy is Disabled - dockerd | CIS Docker v1.6.0 L1 Docker Linux | Unix | |
| 2.17 Bind swarm services to a specific host interface | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ensure that the docker.service file ownership is set to root:root | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL |
| 3.1 Verify that docker.service file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Ensure that docker.service file permissions are appropriately set | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3 Ensure that docker.socket file ownership is set to root:root | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
| 3.19 Verify that TLS CA certificate file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.23 Ensure that the Containerd socket file ownership is set to root:root | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL |
| 4.3 Do not install unnecessary packages in the container | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Do not install unnecessary packages in the container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.8 Ensure setuid and setgid permissions are removed | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
| 4.9 Use COPY instead of ADD in Dockerfile | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.1 Verify AppArmor | CIS Docker 1.6 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.4 Do not use privileged containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.5 Do not mount sensitive host system directories on containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.5 Do not use privileged containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 5.5 Ensure that privileged containers are not used | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL |
| 5.6 Do not run ssh within containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Open only needed ports on container | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.15 Do not share the host's process namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=always | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 5.17 Do not directly expose host devices to containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.19 Do not set mount propagation mode to shared | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.20 Do not share the host's UTS namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.24 Confirm cgroup usage | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.30 Do not share the host's user namespaces | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | |
| 6.2 Monitor Docker containers usage, performance and metering | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| 6.2 Monitor Docker containers usage, performance and metering | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 6.3 Endpoint protection platform (EPP) tools for containers (Not Scored) | CIS Docker 1.6 v1.0.0 L2 Docker | Unix | |
| 7.9 Ensure that management plane traffic is separated from data plane traffic | CIS Docker v1.6.0 L1 Docker Swarm | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Check if this is a Docker Vessel/Host | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| Check if this is a Docker Vessel/Host | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| Check if this is a Docker Vessel/Host | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | |
| Check to see if Swarm is active | CIS Docker v1.6.0 L1 Docker Swarm | Unix | |
| CIS_Docker_1.6_v1.0.0_L1_Docker.audit Level 1 | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| CIS_Docker_1.11.0_v1.0.0_L2.audit Level 2 | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | |
| Ubuntu is installed | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |