Workload misconfigurations

Ensure TLS authentication for Docker daemon is configured (Automated)

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

It is possible to make the Docker daemon available remotely over a TCP port. If this is required, you should ensure that TLS authentication is configured in order to restrict access to the Docker daemon via IP address and port.
Recommended Mitigation

Review the dockerd startup options with 'ps -ef | grep dockerd' and ensure that the following parameters are present: --tlsverify, --tlscacert, --tlscert, --tlskey. Review the contents of /etc/docker/daemon.json to ensure these settings are in place.
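
One way to script this check, as an added example that is not part of the original benchmark text. The function names, sample command lines and certificate paths are constructed for illustration, and the daemon.json test is a simple text match rather than a full JSON parse.

```sh
#!/bin/sh
# Added example: list which of the four dockerd TLS settings are missing.
# Sample command lines below are constructed, not taken from a real host.
SAMPLE_NO_TLS='/usr/bin/dockerd -H tcp://0.0.0.0:2375'
SAMPLE_TLS='/usr/bin/dockerd -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem'

# has_flag CMDLINE NAME: true if --NAME is on the command line and not "=false".
has_flag() {
    case " $1 " in
        *" --$2=false "*) return 1 ;;
        *" --$2 "*|*" --$2="*) return 0 ;;
    esac
    return 1
}

# in_json FILE KEY: true if daemon.json sets KEY (text match, not a JSON parser).
in_json() {
    [ -r "$1" ] || return 1
    if [ "$2" = tlsverify ]; then
        grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' "$1"
    else
        grep -Eq "\"$2\"[[:space:]]*:[[:space:]]*\"[^\"]+\"" "$1"
    fi
}

# check_docker_tls CMDLINE [DAEMON_JSON]
# Prints the missing settings on one line; returns 0 only when none are missing.
check_docker_tls() {
    cmdline=$1
    json=${2:-/etc/docker/daemon.json}
    missing=""
    for opt in tlsverify tlscacert tlscert tlskey; do
        if has_flag "$cmdline" "$opt" || in_json "$json" "$opt"; then
            continue
        fi
        missing="$missing $opt"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Demo on the constructed samples; on a live host pass "$(ps -ef | grep '[d]ockerd')".
for sample in "$SAMPLE_NO_TLS" "$SAMPLE_TLS"; do
    result=$(check_docker_tls "$sample" /nonexistent) || true
    echo "missing: ${result:-none}"
done
```

A setting counts as present when it appears either on the command line or in daemon.json, so a daemon configured partly through each source still passes.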