Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sockCIS Docker v1.8.0 L2 OS LinuxUnix

AUDIT AND ACCOUNTABILITY

2.10 Do not change base device size until neededCIS Docker 1.13.0 v1.0.0 L2 DockerUnix
2.10 Do not change base device size until neededCIS Docker 1.11.0 v1.0.0 L2 DockerUnix
2.10 Do not change base device size until neededCIS Docker 1.12.0 v1.0.0 L2 DockerUnix
2.16 Control the number of manager nodes in a swarmCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

2.18 Disable Userland ProxyCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

2.20 Apply a daemon-wide custom seccomp profile, if neededCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Verify that docker.service file ownership is set to root:rootCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.2 Verify that docker.service file permissions are set to 644 or more restrictiveCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.9 Verify that TLS CA certificate file ownership is set to root:rootCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.10 Verify that TLS CA certificate file permissions are set to 444 or more restrictiveCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.17 Verify that daemon.json file ownership is set to root:rootCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.18 Verify that daemon.json file permissions are set to 644 or more restrictiveCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.18 Verify that daemon.json file permissions are set to 644 or more restrictiveCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.2 Use trusted base images for containersCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.3 Do not install unnecessary packages in the containerCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.4 Rebuild the images to include security patchesCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.5 Enable Content trust for DockerCIS Docker 1.11.0 v1.0.0 L2 DockerUnix

SYSTEM AND INFORMATION INTEGRITY

4.7 Do not use update instructions alone in the DockerfileCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.8 Remove setuid and setgid permissions in the imagesCIS Docker 1.12.0 v1.0.0 L2 DockerUnix
4.9 Enable Kernel Level Auditing, Check if 'root:lo,ad:no' is set in /etc/security/audit_user.CIS Solaris 10 L1 v5.2Unix

AUDIT AND ACCOUNTABILITY

4.10 Do not store secrets in DockerfilesCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.1 Do not disable AppArmor ProfileCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

ACCESS CONTROL

5.1 Verify AppArmorCIS Docker 1.11.0 v1.0.0 L2 DockerUnix

ACCESS CONTROL

5.4 Do not use privileged containersCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

ACCESS CONTROL

5.4 Do not use privileged containersCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

ACCESS CONTROL

5.6.2 Ensure that the seccomp profile is set to docker/default in your pod definitionsCIS Kubernetes v1.12.0 L2 Master NodeUnix

CONFIGURATION MANAGEMENT

5.8 Do not map privileged ports within containersCIS Docker 1.6 v1.0.0 L1 DockerUnix
5.8 Open only needed ports on containerCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.8 Open only needed ports on containerCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.11 Limit memory usage for containerCIS Docker 1.6 v1.0.0 L1 DockerUnix
5.11 Set container CPU priority appropriatelyCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.13 Bind incoming container traffic to a specific host interfaceCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=alwaysCIS Docker 1.11.0 v1.0.0 L1 DockerUnix
5.15 Do not share the host's process namespaceCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.15 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=alwaysCIS Docker 1.6 v1.0.0 L1 DockerUnix
5.18 Override default ulimit at runtime only if neededCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.18 Override default ulimit at runtime only if neededCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.19 Do not set mount propagation mode to sharedCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.20 Do not share the host's UTS namespaceCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.21 Do not disable default seccomp profileCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.26 Check container health at runtimeCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.30 Do not share the host's user namespacesCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.1 Perform regular security audits of your host system and containersCIS Docker 1.6 v1.0.0 L1 DockerUnix
6.1 Perform regular security audits of your host system and containersCIS Docker 1.12.0 v1.0.0 L1 DockerUnix
6.2 Monitor Docker containers usage, performance and meteringCIS Docker 1.11.0 v1.0.0 L1 DockerUnix
6.3 Backup container dataCIS Docker 1.12.0 v1.0.0 L1 DockerUnix
6.5 Avoid container sprawlCIS Docker 1.12.0 v1.0.0 L1 LinuxUnix

SYSTEM AND INFORMATION INTEGRITY

7.4 Ensure that Docker's secret management commands are used for managing secrets in a swarm clusterCIS Docker v1.8.0 L1 Docker SwarmUnix

CONFIGURATION MANAGEMENT

DKER-EE-002010 - Memory usage for all containers must be limited in Docker Enterprise.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT