Item Search

Name | Audit Name | Plugin | Category
1.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL
2.1 Restrict network traffic between containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
2.1 Restrict network traffic between containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
2.7 Set default ulimit as appropriate - default-ulimit | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
2.10 Set default ulimit as appropriate '--default-ulimit' | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
2.14 Ensure centralized and remote logging is configured | CIS Docker v1.8.0 L2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY
2.17 Bind swarm services to a specific host interface | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
2.19 Encrypt data exchanged between containers on different nodes on the overlay network | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
3.1 Verify that docker.service file ownership is set to root:root | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
3.1 Verify that docker.service file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
3.2 Verify that docker.service file permissions are set to 644 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
3.9 Verify that TLS CA certificate file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
3.10 Verify that TLS CA certificate file permissions are set to 444 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
3.17 Verify that daemon.json file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
4.8 Remove setuid and setgid permissions in the images | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix |
4.9 Use COPY instead of ADD in Dockerfile | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
5.1 Verify AppArmor | CIS Docker 1.6 v1.0.0 L2 Docker | Unix | ACCESS CONTROL
5.4 Do not use privileged containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL
5.5 Do not mount sensitive host system directories on containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
5.6 Do not mount sensitive host system directories on containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
5.6 Do not run ssh within containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
5.7 Do not map privileged ports within containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
5.8 Open only needed ports on container | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
5.10 Limit memory usage for container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.11 Set container CPU priority appropriately | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.12 Mount container's root filesystem as read only | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
5.14 Set the 'on-failure' container restart policy to 5 - 'MaximumRetryCount' | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=always | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failure | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.15 Do not share the host's process namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.16 Do not share the host's IPC namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.16 Do not share the host's IPC namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.17 Do not directly expose host devices to containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.18 Do not directly expose host devices to containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix |
5.19 Do not set mount propagation mode to shared | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT
5.24 Confirm cgroup usage | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.25 Restrict container from acquiring additional privileges | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.28 Use PIDs cgroup limit | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.28 Use PIDs cgroup limit | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
5.29 Do not use Docker's default bridge docker0 | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | CONFIGURATION MANAGEMENT
5.30 Do not share the host's user namespaces | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION
6.1 Perform regular security audits of your host system and containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix |
6.3 Backup container data | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix |
6.3 Backup container data | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix |
7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION
7.3 Set Strong Password Creation Policies - MINALPHA is set to 2 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION
7.9 Ensure that management plane traffic is separated from data plane traffic | CIS Docker v1.8.0 L1 Docker Swarm | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is not set to default string. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL
DKER-EE-005210 - Docker Enterprise /etc/docker directory ownership must be set to root:root - Ubuntu | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT
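The file ownership and permission items in the listing (3.1/3.2 docker.service root:root and 644 or more restrictive, 3.9/3.10 the TLS CA certificate root:root and 444 or more restrictive, 3.17 daemon.json root:root, and the DISA STIG item DKER-EE-005210 for the /etc/docker directory) all reduce to the same two tests on a stat() result. The script below is an added example, not Tenable's or CIS's audit code. The paths in DEFAULT_TARGETS are assumptions for a typical systemd host: the unit file may live under /lib/systemd/system on some distributions (`systemctl show -p FragmentPath docker.service` prints the real one), and the CA file is wherever the daemon's --tlscacert option points.

```python
"""Check Docker host files against the CIS Docker 3.x ownership/mode items.

Added example; not Tenable's or CIS's audit implementation.
"""
import os
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    check: str
    passed: bool
    detail: str


def mode_within(actual_mode: int, max_mode: int) -> bool:
    """True when the file grants no permission bit that max_mode withholds,
    which is what "644 or more restrictive" means in the benchmark wording.
    S_IMODE keeps the setuid/setgid/sticky bits, so a 4644 file fails 644."""
    return (stat.S_IMODE(actual_mode) & ~max_mode) == 0


def audit_stat(path, st_uid, st_gid, st_mode, max_mode=None, require_root=True):
    """Pure evaluation of one stat result, so it can be unit-tested without
    root or a real Docker host."""
    findings = []
    if require_root:
        ok = st_uid == 0 and st_gid == 0
        findings.append(Finding(path, "owner root:root", ok,
                                f"uid={st_uid} gid={st_gid}"))
    if max_mode is not None:
        ok = mode_within(st_mode, max_mode)
        findings.append(Finding(path, f"mode within {max_mode:o}", ok,
                                f"mode={stat.S_IMODE(st_mode):o}"))
    return findings


def audit_path(path, max_mode=None, require_root=True):
    """stat() a real path and evaluate it; a missing or unreadable file is
    itself reported as a failed finding rather than silently skipped."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [Finding(path, "exists", False, str(exc))]
    return audit_stat(path, st.st_uid, st.st_gid, st.st_mode, max_mode, require_root)


# path -> maximum mode (None when the listing only names an ownership check).
# These locations are assumptions for a typical systemd host.
DEFAULT_TARGETS = {
    "/usr/lib/systemd/system/docker.service": 0o644,  # 3.1, 3.2
    "/etc/docker/ca.pem": 0o444,                      # 3.9, 3.10 (assumed --tlscacert path)
    "/etc/docker/daemon.json": None,                  # 3.17
    "/etc/docker": None,                              # DKER-EE-005210
}


def audit_targets(targets=DEFAULT_TARGETS):
    findings = []
    for path, max_mode in targets.items():
        findings.extend(audit_path(path, max_mode))
    return findings


if __name__ == "__main__":
    for f in audit_targets():
        print(f"{'PASS' if f.passed else 'FAIL'} {f.path}: {f.check} ({f.detail})")
```

Run it as root on the Docker host; an unprivileged run still evaluates modes correctly but the ownership check is unaffected by who runs it. Note that the 444 limit for the CA certificate fails even a 0600 file, since owner write is a bit 444 withholds.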
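Most of the 5.x container runtime items in the listing (5.4, 5.5, 5.7, 5.10, 5.11, 5.12, 5.14, 5.15, 5.16, 5.17, 5.19, 5.25, 5.28, 5.29, 5.30) can be decided from fields that `docker inspect` already emits. The script below is an added example, not Tenable's or CIS's audit implementation. The field names (HostConfig.Privileged, HostConfig.PidMode, Mounts[].Propagation and so on) are the ones `docker inspect` produces; SAMPLE_INSPECT is constructed for the example and not captured from a real host, and the sensitive host path list follows the directories item 5.5 names.

```python
"""Evaluate `docker inspect` JSON against CIS Docker 5.x runtime items.

Added example; not Tenable's or CIS's audit code.
Usage on a real host:  docker inspect $(docker ps -q) > c.json; python3 audit.py c.json
"""
import json
import sys
from dataclasses import dataclass

# Host paths CIS 5.5 calls out; "/" itself is matched only exactly.
SENSITIVE_DIRS = ("/boot", "/dev", "/etc", "/lib", "/proc", "/sys", "/usr")


@dataclass(frozen=True)
class Finding:
    container: str
    item: str
    detail: str


def is_sensitive_source(src: str) -> bool:
    return src == "/" or any(src == d or src.startswith(d + "/") for d in SENSITIVE_DIRS)


def audit_container(c: dict) -> list:
    name = c.get("Name", "?").lstrip("/")
    hc = c.get("HostConfig") or {}
    out = []

    def fail(item, detail):
        out.append(Finding(name, item, detail))

    if hc.get("Privileged"):
        fail("5.4", "--privileged set")
    for m in c.get("Mounts") or []:
        src = m.get("Source", "")
        if m.get("Type") == "bind" and is_sensitive_source(src):
            fail("5.5", f"host path {src} mounted at {m.get('Destination')}")
        if m.get("Propagation", "") in ("shared", "rshared"):
            fail("5.19", f"{src} mounted with propagation {m['Propagation']}")
    for port, bindings in (hc.get("PortBindings") or {}).items():
        for b in bindings or []:
            hp = b.get("HostPort", "")
            if hp.isdigit() and int(hp) < 1024:
                fail("5.7", f"{port} published on privileged host port {hp}")
    if not hc.get("Memory"):
        fail("5.10", "no memory limit (HostConfig.Memory is 0)")
    if not hc.get("CpuShares"):
        fail("5.11", "CPU shares left at default")
    if not hc.get("ReadonlyRootfs"):
        fail("5.12", "root filesystem is writable")
    rp = hc.get("RestartPolicy") or {}
    if rp.get("Name") != "on-failure" or rp.get("MaximumRetryCount") != 5:
        fail("5.14", f"restart policy {rp.get('Name') or 'none'}:{rp.get('MaximumRetryCount')}")
    if hc.get("PidMode") == "host":
        fail("5.15", "shares host PID namespace")
    if hc.get("IpcMode") == "host":
        fail("5.16", "shares host IPC namespace")
    for d in hc.get("Devices") or []:
        fail("5.17", f"host device {d.get('PathOnHost')} exposed ({d.get('CgroupPermissions')})")
    # docker inspect shows "no-new-privileges" or "no-new-privileges:true"
    if not any(o.startswith("no-new-privileges") for o in hc.get("SecurityOpt") or []):
        fail("5.25", "no-new-privileges not set")
    pids = hc.get("PidsLimit")  # 0, -1 or null all mean no limit
    if not (isinstance(pids, int) and pids > 0):
        fail("5.28", f"PidsLimit is {pids!r}")
    if hc.get("NetworkMode") in ("default", "bridge"):
        fail("5.29", "attached to the default docker0 bridge")
    if hc.get("UsernsMode") == "host":
        fail("5.30", "shares host user namespace")
    return out


def audit_containers(inspect_output: list) -> list:
    findings = []
    for c in inspect_output:
        findings.extend(audit_container(c))
    return findings


SAMPLE_INSPECT = [  # constructed for this example, not captured from a host
    {"Name": "/web-bad",
     "HostConfig": {"Privileged": True, "PidMode": "host", "IpcMode": "host",
                    "UsernsMode": "host", "ReadonlyRootfs": False, "Memory": 0,
                    "CpuShares": 0, "PidsLimit": 0, "SecurityOpt": None,
                    "RestartPolicy": {"Name": "always", "MaximumRetryCount": 0},
                    "Devices": [{"PathOnHost": "/dev/sda", "PathInContainer": "/dev/sda",
                                 "CgroupPermissions": "rwm"}],
                    "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "80"}]},
                    "NetworkMode": "default"},
     "Mounts": [{"Type": "bind", "Source": "/etc", "Destination": "/host-etc",
                 "Propagation": "rshared"}]},
    {"Name": "/web-good",
     "HostConfig": {"Privileged": False, "PidMode": "", "IpcMode": "private",
                    "UsernsMode": "", "ReadonlyRootfs": True, "Memory": 268435456,
                    "CpuShares": 512, "PidsLimit": 200,
                    "SecurityOpt": ["no-new-privileges:true"],
                    "RestartPolicy": {"Name": "on-failure", "MaximumRetryCount": 5},
                    "Devices": [],
                    "PortBindings": {"8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]},
                    "NetworkMode": "app-net"},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data",
                 "Destination": "/data", "Propagation": ""}]},
]

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_INSPECT
    for f in audit_containers(data):
        print(f"{f.container}: CIS Docker {f.item} FAIL: {f.detail}")
```

Two caveats a scanner also has to live with: a named-volume Source under /var/lib/docker/volumes is not a host bind and is deliberately not flagged under 5.5, and a restart policy other than on-failure with MaximumRetryCount 5 is reported as a 5.14 failure because that is the literal value the listed items check for, even though a deliberate policy of "no" is a defensible choice.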