1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.2.4 Ensure auditing is configured for Docker files and directories - /var/lib/docker | CIS Docker v1.2.0 L2 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.3 Ensure Docker is up to date | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.5 Keep Docker up to date | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.6 Ensure auditing is configured for Docker files and directories - /var/lib/docker | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.9 Audit Docker files and directories - /etc/docker | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.9 Audit Docker files and directories - /var/lib/docker | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.12 Audit Docker files and directories - /etc/default/docker | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.13 Audit Docker files and directories - /etc/docker/daemon.json | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.13 Audit Docker files and directories - /var/run/docker.sock | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.14 Audit Docker files and directories - /etc/sysconfig/docker | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.15 Audit Docker files and directories - /etc/sysconfig/docker-network | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
2.5 Do not use the aufs storage driver | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
2.5 Do not use the aufs storage driver | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
2.6 Configure TLS authentication for Docker daemon --tlskey | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Configure TLS authentication for Docker daemon --tlscacert | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured --tlscacert | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured --tlskey | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured --tlsverify | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured - tlsverify | CIS Docker v1.2.0 L1 Docker Linux | Unix | |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscacert | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscacert | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlskey | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
2.7 Ensure TLS authentication for Docker daemon is configured - tlsverify | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
2.11 Use authorization plugin | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | IDENTIFICATION AND AUTHENTICATION |
3.9 Verify that docker-network environment file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.11 Verify that docker-registry environment file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.12 Verify that docker-registry environment file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.14 Ensure that Docker server certificate key file permissions are set to 400 | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.14 Verify that Docker server certificate key file permissions are set to 400 | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.14 Verify that Docker server certificate key file permissions are set to 400 | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.14 Verify that Docker server certificate key file permissions are set to 400 | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.15 Ensure that the Docker socket file ownership is set to root:docker | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
3.16 Ensure that the Docker socket file permissions are set to 660 or more restrictively | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
3.16 Ensure that the Docker socket file permissions are set to 660 or more restrictively | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
3.16 Ensure that the Docker socket file permissions are set to 660 or more restrictively | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
3.16 Verify that Docker socket file permissions are set to 660 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.24 Verify that Docker server certificate key file permissions are set to 400 | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.26 Verify that Docker socket file permissions are set to 660 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
5.31 Ensure that the Docker socket is not mounted inside any containers | CIS Docker v1.2.0 L1 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
7.1 Ensure swarm mode is not Enabled, if not needed | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
DKER-EE-002080 - Docker Enterprise exec commands must not be used with privileged option. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-003590 - Content Trust enforcement must be enabled in Universal Control Plane (UCP) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-003610 - Only trusted, signed images must be on Universal Control Plane (UCP) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-003610 - Only trusted, signed images must be on Universal Control Plane (UCP) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-003610 - Only trusted, signed images must be on Universal Control Plane (UCP) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-005290 - Docker Enterprise server certificate key file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-005290 - Docker Enterprise server certificate key file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-005290 - Docker Enterprise server certificate key file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-005320 - Docker Enterprise socket file permissions must be set to 660 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |