Item Search

| Name | Audit Name | Plugin | Category |
|---|---|---|---|
| 1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker | CIS Docker v1.7.0 L2 Docker - Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2 Ensure the container host has been Hardened | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Harden the container host | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Keep Docker up to date | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Harden the container host | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.8 Audit Docker files and directories - /var/lib/docker | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.9 Audit Docker files and directories - docker.socket | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.9 Ensure auditing is configured for Docker files and directories - docker.socket | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.11 Audit Docker files and directories - docker.socket | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2 Ensure the logging level is set to 'info' | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2 Set the logging level | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2 Set the logging level | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2 Set the logging level | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure Docker is allowed to make changes to iptables | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Ensure the logging level is set to 'info' | CIS Docker v1.7.0 L1 Docker - Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.4 Allow Docker to make changes to iptables | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure insecure registries are not used | CIS Docker v1.7.0 L1 Docker - Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Confirm default cgroup usage | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Disable operations on legacy registry (v1) | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.23 Run swarm manager in auto-lock mode | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.6 Verify that docker.socket file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.7 Ensure that registry certificate file ownership is set to root:root | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL |
| 3.7 Verify that registry certificate file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Verify that registry certificate file permissions are set to 444 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Verify that registry certificate file permissions are set to 444 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.11 Ensure that Docker server certificate file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Ensure that the Docker server certificate file permissions are set to 444 or more restrictively | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.12 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.14 Ensure that the Docker server certificate key file permissions are set to 400 | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.18 Verify that registry certificate file permissions are set to 444 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.19 Ensure that the /etc/default/docker file ownership is set to root:root | CIS Docker v1.7.0 L2 Docker - Linux | Unix | ACCESS CONTROL |
| 3.20 Ensure that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.20 Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively | CIS Docker v1.7.0 L2 Docker - Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.20 Verify that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.20 Verify that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.22 Ensure that the /etc/sysconfig/docker file ownership is set to root:root | CIS Docker v1.7.0 L2 Docker - Linux | Unix | ACCESS CONTROL |
| 4.10 Do not store secrets in Dockerfiles | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.1 Ensure swarm mode is not Enabled, if not needed | CIS Docker v1.7.0 L1 Docker - Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Do not run ssh within containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Do not run ssh within containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Ensure ssh is not run within containers | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.7 Ensure sshd is not run within containers | CIS Docker v1.7.0 L1 Docker - Linux | Unix | CONFIGURATION MANAGEMENT |
| 7.6 Ensure swarm manager is run in auto-lock mode | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-001930 - An appropriate AppArmor profile must be enabled on Ubuntu systems for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002130 - The Docker Enterprise socket must not be mounted inside any containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002400 - Docker Enterprise Swarm manager must be run in auto-lock mode. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-005230 - Docker Enterprise registry certificate file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |