2.8 Enable user namespace support - /etc/subgid | |
2.8 Enable user namespace support - /etc/subuid | |
2.8 Enable user namespace support --userns-remap=default | SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Ensure the default cgroup usage has been confirmed | SYSTEM AND COMMUNICATIONS PROTECTION |
2.10 Ensure base device size is not changed until needed | |
2.11 Ensure that authorization for Docker client commands is enabled | IDENTIFICATION AND AUTHENTICATION |
2.12 Ensure centralized and remote logging is configured | AUDIT AND ACCOUNTABILITY |
2.16 Ensure daemon-wide custom seccomp profile is applied, if needed | SYSTEM AND COMMUNICATIONS PROTECTION |
4.5 Ensure Content trust for Docker is Enabled | SYSTEM AND INFORMATION INTEGRITY |
4.8 Ensure setuid and setgid permissions are removed in the images | |
4.11 Ensure verified packages are only Installed | CONFIGURATION MANAGEMENT |
5.2 Ensure SELinux security options are set, if applicable | ACCESS CONTROL |
5.22 Ensure docker exec commands are not used with privileged option | |
5.23 Ensure docker exec commands are not used with user option | |
5.29 Ensure Docker's default bridge docker0 is not used | CONFIGURATION MANAGEMENT |
7.5 Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster | CONFIGURATION MANAGEMENT |
7.8 Ensure node certificates are rotated as appropriate | SYSTEM AND COMMUNICATIONS PROTECTION |
7.9 Ensure CA certificates are rotated as appropriate | IDENTIFICATION AND AUTHENTICATION |
7.10 Ensure management plane traffic has been separated from data plane traffic | SYSTEM AND COMMUNICATIONS PROTECTION |
CIS Docker Community Edition v1.1.0 L2 Docker | |