Workload misconfigurations

Ensure TLS authentication for Docker daemon is configured (Automated)

Risk Level

Informational (4)

Platform(s)

  • N/A

Compliance Frameworks

Description

It is possible to make the Docker daemon available remotely over a TCP port. If this is required, you should ensure that TLS authentication is configured in order to restrict access to the Docker daemon via IP address and port.

  • Recommended Mitigation

    review the dockerd startup options, use: 'ps -ef | grep dockerd'. Ensure that the parameters are present: --tlsverify, --tlscacert, --tlscert, --tlskey. Review the contents of /etc/docker/daemon.json to ensure these settings are in place.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.