Item Search

Name	Audit Name	Plugin	Category
1.2.1 Ensure the container host has been Hardened	CIS Docker v1.6.0 L2 Docker Linux	Unix	CONFIGURATION MANAGEMENT
2.1 Restrict network traffic between containers	CIS Docker 1.11.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
2.7 Ensure TLS authentication for Docker daemon is configured - daemon.json	CIS Docker v1.6.0 L1 Docker Linux	Unix
2.7 Ensure TLS authentication for Docker daemon is configured - dockerd	CIS Docker v1.6.0 L1 Docker Linux	Unix
2.7 Set default ulimit as appropriate - default-ulimit	CIS Docker 1.11.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
2.8 Ensure the default ulimit is configured appropriately - daemon.json nofile hard	CIS Docker v1.6.0 L1 Docker Linux	Unix	CONFIGURATION MANAGEMENT
2.10 Do not change base device size until needed	CIS Docker 1.13.0 v1.0.0 L2 Docker	Unix
2.16 Control the number of manager nodes in a swarm	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
2.20 Apply a daemon-wide custom seccomp profile, if needed	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.1 Verify that docker.service file ownership is set to root:root	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
3.1 Verify that docker.service file ownership is set to root:root	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
3.2 Verify that docker.service file permissions are set to 644 or more restrictive	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
3.9 Ensure that TLS CA certificate file ownership is set to root:root	CIS Docker v1.6.0 L2 Docker Linux	Unix	ACCESS CONTROL
3.9 Verify that TLS CA certificate file ownership is set to root:root	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
3.17 Verify that daemon.json file ownership is set to root:root	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
3.18 Verify that daemon.json file permissions are set to 644 or more restrictive	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
3.20 Verify that TLS CA certificate file permissions are set to 444 or more restrictive	CIS Docker 1.6 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
4.1 Ensure that a user for the container has been created	CIS Docker v1.6.0 L1 Docker Linux	Unix	ACCESS CONTROL
4.5 Enable Content trust for Docker	CIS Docker 1.12.0 v1.0.0 L2 Docker	Unix	SYSTEM AND INFORMATION INTEGRITY
4.7 Do not use update instructions alone in the Dockerfile	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
4.7 Do not use update instructions alone in the Dockerfile	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
4.8 Remove setuid and setgid permissions in the images	CIS Docker 1.12.0 v1.0.0 L2 Docker	Unix
4.8 Remove setuid and setgid permissions in the images	CIS Docker 1.13.0 v1.0.0 L2 Docker	Unix
4.10 Do not store secrets in Dockerfiles	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
5.3 Verify that containers are running only a single main process	CIS Docker 1.6 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
5.4 Do not use privileged containers	CIS Docker 1.11.0 v1.0.0 L1 Docker	Unix	ACCESS CONTROL
5.7 Do not map privileged ports within containers	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
5.8 Do not map privileged ports within containers	CIS Docker 1.6 v1.0.0 L1 Docker	Unix
5.8 Ensure privileged ports are not mapped within containers	CIS Docker v1.6.0 L1 Docker Linux	Unix	CONFIGURATION MANAGEMENT
5.10 Limit memory usage for container	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.10 Limit memory usage for container	CIS Docker 1.11.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.11 Ensure that the memory usage for containers is limited	CIS Docker v1.6.0 L1 Docker Linux	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.11 Limit memory usage for container	CIS Docker 1.6 v1.0.0 L1 Docker	Unix
5.11 Set container CPU priority appropriately	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.12 Mount container's root filesystem as read only	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
5.14 Set the 'on-failure' container restart policy to 5 - 'MaximumRetryCount'	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.16 Ensure that the host's process namespace is not shared	CIS Docker v1.6.0 L1 Docker Linux	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.17 Do not share the host's IPC namespace	CIS Docker 1.6 v1.0.0 L1 Docker	Unix
5.18 Do not directly expose host devices to containers	CIS Docker 1.6 v1.0.0 L1 Docker	Unix
5.19 Ensure that the default ulimit is overwritten at runtime if needed	CIS Docker v1.6.0 L1 Docker Linux	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.19 Override default ulimit at runtime only if needed	CIS Docker 1.6 v1.0.0 L1 Docker	Unix
5.20 Do not share the host's UTS namespace	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.26 Check container health at runtime	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix	CONFIGURATION MANAGEMENT
5.28 Use PIDs cgroup limit	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
6.3 Backup container data	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix
7.3 Ensure that all Docker swarm overlay networks are encrypted	CIS Docker v1.6.0 L1 Docker Swarm	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Check if this is a Docker Vessel/Host	CIS Docker v1.6.0 L2 Docker Linux	Unix
CIS_Docker_1.6_v1.0.0_L2_Docker.audit Level 2	CIS Docker 1.6 v1.0.0 L2 Docker	Unix
CIS_Docker_1.13.0_L1_v1.0.0.audit Level 1	CIS Docker 1.13.0 v1.0.0 L1 Docker	Unix
DKER-EE-002010 - Memory usage for all containers must be limited in Docker Enterprise.	DISA STIG Docker Enterprise 2.x Linux/Unix v2r2	Unix	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search