Profile Applicability:

  • Level 1 

Description:

Docker releases frequently, and those releases fix security vulnerabilities, resolve product bugs, and introduce new functionality. Keep Docker at a current, supported version as required by your organization's general IT security policy.

Rationale:

Staying current with Docker releases closes known vulnerabilities in the engine, the CLI and the underlying container runtime. On a host running an outdated Docker, an attacker can use published, already-patched vulnerabilities to gain unauthorized access or elevate privileges. Keeping Docker at the current release also removes known bugs, so the containerized environment behaves predictably and stays in a supported state.

Impact:

Pros:

  • Reduces the likelihood of security breaches caused by outdated software.

  • Enhances Docker’s functionality and stability.

Cons:

  • Updates might cause compatibility issues with third-party products or services that require older versions of Docker. Perform a risk assessment and test the new release in a non-production environment before upgrading.

  • Applying the update restarts the Docker daemon (the procedure below restarts it explicitly), which stops every running container unless live-restore is enabled in /etc/docker/daemon.json. Schedule upgrades in a maintenance window.

Default Value:

Not applicable. Docker does not automatically update itself to the latest version.

Pre-requisites:

  • Administrative access to the Docker host system.

  • Awareness of any dependencies or third-party applications that may require specific versions of Docker.

Remediation:

Test Plan:

Using AWS Console:

  1. Log in to the EC2 instance running Docker.
  2. Run the following command and note the Server: Engine version (the Client version can differ from the daemon that is actually running):
    docker version
  3. Compare that version with the newest release in the Docker Engine release notes (https://docs.docker.com/engine/release-notes/) and with the newest package your repository offers (apt-cache policy docker-ce on Ubuntu, yum check-update docker-ce on CentOS). A running version older than the newest available is a finding.

Using AWS CLI:

  1. From a workstation with the AWS CLI and permission to run SSM commands, query the instance without logging in (replace instance_id; the instance needs the SSM agent and an instance profile that allows it):
    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["docker version","apt-cache policy docker-ce"]'
  2. Read the result with aws ssm get-command-invocation --command-id <command_id> --instance-id instance_id, using the CommandId returned by send-command.
  3. Compare the Server version from docker version with the Candidate line from apt-cache policy (on CentOS, substitute yum check-update docker-ce). An installed version older than the candidate is a finding.
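The comparison in the test plan above can be scripted so the same check runs unattended (for example as the command body of an SSM document). The script below is an added example, not part of the benchmark text. It assumes an Ubuntu/Debian host with Docker's own package repository configured, so that docker-ce is the package to compare against; the version strings at the bottom are constructed samples used when docker or apt-cache is not present, so the script also runs offline.

```shell
#!/bin/sh
# Added example, not part of the benchmark text: decide whether a Docker host
# satisfies this control by comparing the engine version dockerd reports with
# the newest docker-ce package the host's apt repository offers. Assumes an
# Ubuntu/Debian host with Docker's repository configured; when docker or
# apt-cache is missing (e.g. running this offline) it falls back to the
# constructed sample values at the bottom.

# Reduce a package or engine version string to its numeric X.Y.Z core:
#   "5:25.0.3-1~ubuntu.22.04~jammy" -> "25.0.3"  (apt epoch and revision dropped)
#   "25.0.3-1.el9"                  -> "25.0.3"  (rpm release dropped)
#   "24.0.7"                        -> "24.0.7"  (docker version output, unchanged)
strip_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[^0-9.].*$//'
}

# Compare two versions numerically, component by component, and print
# "older", "same" or "newer" describing $1 relative to $2. A missing
# component counts as 0, so "24.0" and "24.0.0" are the same.
version_cmp() {
    a=$(strip_version "$1")
    b=$(strip_version "$2")
    i=1
    while [ "$i" -le 3 ]; do
        ai=$(printf '%s\n' "$a" | awk -F. -v n="$i" '{ print $n + 0 }')
        bi=$(printf '%s\n' "$b" | awk -F. -v n="$i" '{ print $n + 0 }')
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' older; return 0; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' newer; return 0; fi
        i=$((i + 1))
    done
    printf '%s\n' same
}

# Evaluate the control for one host: the running engine ($1) must be at
# least the repository candidate ($2). Prints one line; returns 0 for
# compliant, 1 for a finding, 2 when the running version is unknown.
check_docker_current() {
    running=$(strip_version "$1")
    candidate=$(strip_version "$2")
    if [ -z "$running" ]; then
        printf 'UNKNOWN: dockerd did not report a version (daemon stopped or unreachable)\n'
        return 2
    fi
    case $(version_cmp "$running" "$candidate") in
        older)
            printf 'NON-COMPLIANT: running %s, repository offers %s\n' "$running" "$candidate"
            return 1 ;;
        *)
            printf 'COMPLIANT: running %s, repository candidate %s\n' "$running" "$candidate"
            return 0 ;;
    esac
}

# On a real host read the live values; otherwise use constructed samples.
if command -v docker >/dev/null 2>&1 && command -v apt-cache >/dev/null 2>&1; then
    running_version=$(docker version --format '{{.Server.Version}}' 2>/dev/null)
    candidate_version=$(apt-cache policy docker-ce | awk '/Candidate:/ { print $2 }')
else
    running_version="24.0.7"                             # constructed sample
    candidate_version="5:25.0.3-1~ubuntu.22.04~jammy"   # constructed sample
fi
status=0
check_docker_current "$running_version" "$candidate_version" || status=$?
# $status (0 compliant, 1 finding, 2 unknown) is what an SSM document or a
# monitoring job should act on; exit "$status" when using this as a standalone check.
```

Only the numeric X.Y.Z part is compared because the epoch and packaging revision in an apt or rpm version string differ from what docker version prints, and the Client version is deliberately ignored: the daemon is what runs containers, and on a partially upgraded host the two can differ.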

Implementation Plan:

Using AWS Console:

  1. Log in to the EC2 instance.
  2. Update Docker to the latest version with the package manager for your system. The commands assume Docker's own package repository (download.docker.com), which is where the docker-ce package comes from, is already configured. The engine, CLI and containerd packages are upgraded together so their versions stay matched.
    For Ubuntu:

      sudo apt-get update && sudo apt-get install -y docker-ce docker-ce-cli containerd.io

    For CentOS:

      sudo yum update -y docker-ce docker-ce-cli containerd.io

  3. Restart Docker to apply the changes (this stops running containers unless live-restore is enabled in /etc/docker/daemon.json, so do it in a maintenance window):

    sudo systemctl restart docker

  4. Confirm that the new version is the one running:

    docker version

Using AWS CLI:

  1. Use SSM to update Docker remotely. AWS-RunShellScript runs as root, so sudo is not needed, and the install must be non-interactive (-y) because there is no terminal to answer prompts:
aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["apt-get update","DEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io","systemctl restart docker","docker version"]'
  2. Check the command output with aws ssm get-command-invocation --command-id <command_id> --instance-id instance_id to confirm the upgrade succeeded and the daemon came back.


Backout Plan:

Using AWS Console:

  1. Log in to the EC2 instance.
  2. List the versions the repository still offers, then roll back to the previous version with the package manager, pinning the CLI to the same version as the engine:
    For Ubuntu: apt-cache madison docker-ce, then sudo apt-get install docker-ce=<previous_version> docker-ce-cli=<previous_version>
    For CentOS: yum list --showduplicates docker-ce, then sudo yum downgrade docker-ce-<previous_version> docker-ce-cli-<previous_version>
    (yum install does not replace an installed package with an older one, so yum downgrade is required; apt-get prompts before downgrading and, when -y is used, needs --allow-downgrades.)
  3. Restart Docker to apply the changes and confirm the version:
    sudo systemctl restart docker
    docker version
  4. If the previous version must stay in place until the compatibility issue is resolved, hold the packages so routine updates do not re-upgrade them (sudo apt-mark hold docker-ce docker-ce-cli on Ubuntu) and remove the hold with apt-mark unhold when the upgrade is retried.

Using AWS CLI:

  1. Use SSM to roll back Docker remotely (runs as root; --allow-downgrades is required because -y suppresses the downgrade prompt):
aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["apt-get install -y --allow-downgrades docker-ce=<previous_version> docker-ce-cli=<previous_version>","systemctl restart docker","docker version"]'


References: