Ensure containers are restricted from acquiring new privileges (Automated)
By default you should restrict containers from acquiring additional privileges via suid or sgid.
Blog
Ensure auditing is configured for Docker files and directories – containerd.sock (Automated)
Audit containerd.sock, if applicable.
Ensure auditing is configured for Docker files and directories – /etc/containerd/config.toml (Automated)
Audit /etc/containerd/config.toml if applicable.
Ensure syslog messages are not suppressed (Automated)
In more modern Syslog implementations, repeated message suppression can be configured (for example, $RepeatedMsgReduction in rsyslog).
Ensure ‘debug_print_plan’ is disabled (Automated)
Enabling any of the DEBUG printing variables may cause the logging of sensitive information that would otherwise be omitted based...
OpenSearch (Elasticsearch) domain has less than three data nodes
Amazon OpenSearch Service (Amazon Elasticsearch Service successor) is a managed service that simplifies the deployment, operation, and scaling of OpenSearch...
Elasticsearch without at least three dedicated master nodes
Amazon OpenSearch Service (Amazon Elasticsearch Service successor) is a managed service that simplifies the deployment, operation, and scaling of OpenSearch...
Ensure the default seccomp profile is not Disabled (Automated)
Seccomp filtering provides a means for a process to specify a filter for incoming system calls. The default Docker seccomp...
Ensure that the Containerd socket file ownership is set to root:root (Automated)
You should verify that the Containerd socket file is owned by root and group owned by root.