CIS Docker v1.6.0 L2 Docker Linux

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Docker v1.6.0 L2 Docker Linux

Updated: 12/3/2024

Authority: CIS

Plugin: Unix

Revision: 1.3

Estimated Item Count: 59

File Details

Filename: CIS_Docker_v1.6.0_L2_Docker_Linux.audit

Size: 91.3 kB

MD5: ab3e94e17f9ff76138f66fd0c1385077
SHA256: 9f0e826d14dc8f61ac74a0bc41994bd41bd9f9dab685c98d8ddd1575b8c2f108

Audit Items

Description | Categories
1.1.3 Ensure auditing is configured for the Docker daemon
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker
1.1.7 Ensure auditing is configured for Docker files and directories - docker.service
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc
1.2.1 Ensure the container host has been Hardened
1.2.2 Ensure that the version of Docker is up to date
2.9 Enable user namespace support - /etc/subgid
2.9 Enable user namespace support - /etc/subuid
2.9 Enable user namespace support - SecurityOptions
2.10 Ensure the default cgroup usage has been confirmed - daemon.json
2.10 Ensure the default cgroup usage has been confirmed - dockerd
2.11 Ensure base device size is not changed until needed - daemon.json
2.11 Ensure base device size is not changed until needed - dockerd
2.12 Ensure that authorization for Docker client commands is enabled
2.13 Ensure centralized and remote logging is configured
2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriate
3.1 Ensure that the docker.service file ownership is set to root:root
3.2 Ensure that docker.service file permissions are appropriately set
3.3 Ensure that docker.socket file ownership is set to root:root
3.4 Ensure that docker.socket file permissions are set to 644 or more restrictive
3.5 Ensure that the /etc/docker directory ownership is set to root:root
3.6 Ensure that /etc/docker directory permissions are set to 755 or more restrictively
3.7 Ensure that registry certificate file ownership is set to root:root
3.8 Ensure that registry certificate file permissions are set to 444 or more restrictively
3.9 Ensure that TLS CA certificate file ownership is set to root:root
3.10 Ensure that TLS CA certificate file permissions are set to 444 or more restrictively
3.11 Ensure that Docker server certificate file ownership is set to root:root
3.12 Ensure that the Docker server certificate file permissions are set to 444 or more restrictively
3.15 Ensure that the Docker socket file ownership is set to root:docker
3.16 Ensure that the Docker socket file permissions are set to 660 or more restrictively
3.17 Ensure that the daemon.json file ownership is set to root:root
3.18 Ensure that daemon.json file permissions are set to 644 or more restrictive
3.19 Ensure that the /etc/default/docker file ownership is set to root:root
3.20 Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively
3.21 Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively
3.22 Ensure that the /etc/sysconfig/docker file ownership is set to root:root
3.23 Ensure that the Containerd socket file ownership is set to root:root
3.24 Ensure that the Containerd socket file permissions are set to 660 or more restrictively