Item Search

| Name | Audit Name | Plugin | Category |
|---|---|---|---|
| 2.1 Restrict network traffic between containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Run the Docker daemon as a non-root user, if possible | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2 Restrict network traffic between containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7 Set default ulimit as appropriate - default-ulimit | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10 Set default ulimit as appropriate '--default-ulimit' | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.18 Disable Userland Proxy | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.19 Encrypt data exchanged between containers on different nodes on the overlay network | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.19 Ensure that experimental features are not implemented in production | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Verify that docker.service file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Verify that docker.service file permissions are set to 644 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Verify that docker.service file permissions are set to 644 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.4 Verify that docker.socket file permissions are set to 644 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.9 Verify that TLS CA certificate file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.10 Verify that TLS CA certificate file permissions are set to 444 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.17 Verify that daemon.json file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.18 Verify that daemon.json file permissions are set to 644 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.18 Verify that daemon.json file permissions are set to 644 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Use trusted base images for containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Do not install unnecessary packages in the container | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Enable Auditing of File Metadata Modification Events | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Scan and rebuild the images to include security patches | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Enable Content trust for Docker | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.7 Do not use update instructions alone in the Dockerfile | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.9 Enable Kernel Level Auditing, Check if 'flags:lo,ad,cc' is set in /etc/security/audit_control. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Use COPY instead of ADD in Dockerfile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Do not use privileged containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.5 Do not mount sensitive host system directories on containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.7 Do not map privileged ports within containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 5.8 Open only needed ports on container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Open only needed ports on container | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.10 Limit memory usage for container | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.11 Set container CPU priority appropriately | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.12 Mount container's root filesystem as read only | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.12 Mount container's root filesystem as read only | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.12 Mount container's root filesystem as read only | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Mount container's root filesystem as read only | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=always | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failure | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Do not share the host's process namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.18 Override default ulimit at runtime only if needed | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.26 Check container health at runtime | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.28 Use PIDs cgroup limit | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.28 Use PIDs cgroup limit | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.30 Do not share the host's user namespaces | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Monitor Docker containers usage, performance and metering | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 6.3 Backup container data | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| 6.3 Backup container data | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | |
| 7.8 Ensure that CA certificates are rotated as appropriate | CIS Docker v1.8.0 L1 Docker Swarm | Unix | IDENTIFICATION AND AUTHENTICATION |