Ensure TLS authentication for Docker daemon is configured (Automated)
It is possible to make the Docker daemon available remotely over a TCP port. If this is required, you should...
Cloud Risks
Ensure the default ulimit is configured appropriately (Automated)
ulimit provides control over the resources available to the shell and to processes which it starts. Setting system resource limits...
Ensure that authorization for Docker client commands is enabled (Automated)
Under certain circumstances, you might need containers larger than 10G. Where this applies you should carefully choose the base device...
Ensure centralized and remote logging is configured (Automated)
Docker supports various logging mechanisms. A preferable method for storing logs is one that supports centralized and remote management.
Ensure Userland Proxy is Disabled (Automated)
The Docker daemon starts a userland proxy service for port forwarding whenever a port is exposed. Where hairpin NAT is...
Ensure that a daemon-wide custom seccomp profile is applied if appropriate (Automated)
You can choose to apply a custom seccomp profile at a daemon-wide level if needed with this overriding Docker's default...
Ensure containers are restricted from acquiring new privileges (Automated)
By default you should restrict containers from acquiring additional privileges via suid or sgid.
Ensure auditing is configured for Docker files and directories – containerd.sock (Automated)
Audit containerd.sock, if applicable.
Ensure auditing is configured for Docker files and directories – /etc/containerd/config.toml (Automated)
Audit /etc/containerd/config.toml if applicable.