Profile Applicability:
Level 1
Description:
Container sprawl occurs when too many unused or unnecessary containers are running or lingering on the system. This can lead to wasted resources and potential security risks. It's essential to regularly monitor and clean up unused containers to avoid sprawl.
Rationale:
Unused containers can consume valuable system resources such as memory, CPU, and storage. Keeping unnecessary containers around increases the attack surface, making it harder to maintain security hygiene. Avoiding container sprawl ensures better resource management, performance, and security.
Impact:
Pros:
Reduces system resource consumption.
Improves system security by removing unnecessary attack vectors.
Enhances container management and maintainability.
Cons:
Requires regular monitoring and management of containers.
May require additional automation or cleanup procedures.
Default Value:
Containers may be left running after their tasks have been completed if not managed properly.
Pre-requisites:
Administrative access to Docker daemon or container management tools.
Monitoring tools or scripts to track container usage and lifecycles.
Remediation:
Test Plan:
Using AWS Console:
Log into the AWS Management Console.
Navigate to EC2 > Instances or ECS to identify containers that are running but no longer in use.
Verify the resource usage and termination policies for those containers.
Using AWS CLI:
Connect to the EC2 instance where Docker is running.
List running containers using the following command:
docker ps
Identify containers that are no longer in use and can be stopped or removed.
Implementation Plan:
Using AWS Console:
Log into the EC2 instance.
Use the AWS ECS or EC2 Console to stop unused containers.
Ensure auto-scaling or job-based container termination is enabled to prevent future sprawl.
Using AWS CLI:
List containers with the command:
docker ps -a
Stop and remove unused containers using the following commands:
docker stop <container_id>
docker rm <container_id>
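A worked audit helper for the CLI steps above, added here as an example and not code from the CIS benchmark or the Docker project. It parses the tab-separated output of docker ps -a --format '{{.ID}}\t{{.Names}}\t{{.Status}}' (a real docker option), selects containers that have exited at least a given number of days ago, and by default only prints the stop and rm commands the remediation calls for; APPLY=1 makes it run them. The SAMPLE_PS text is constructed stand-in output, and its container IDs and names are not real.

```shell
# Added example: find container-sprawl candidates in `docker ps -a` output.
# Assumed input, one container per line, TAB-separated, as produced by:
#   docker ps -a --format '{{.ID}}\t{{.Names}}\t{{.Status}}'
# SAMPLE_PS is constructed stand-in output; the IDs and names are not real.
SAMPLE_PS=$(printf '%s\t%s\t%s\n' \
    a1b2c3d4e5f6 web-frontend   'Up 3 days' \
    b2c3d4e5f6a7 nightly-report 'Exited (0) 2 weeks ago' \
    c3d4e5f6a7b8 debug-shell    'Exited (137) 5 days ago' \
    d4e5f6a7b8c9 migration-job  'Created' \
    e5f6a7b8c9d0 api-backend    'Up 12 hours (healthy)' \
    f6a7b8c9d0e1 cron-runner    'Exited (0) 3 hours ago')

# sprawl_candidates PS_OUTPUT MIN_DAYS
# Prints "<id> <name> <status>" for every Exited or Dead container whose
# age is at least MIN_DAYS days. Running ("Up ...") containers and
# never-started ("Created") ones are left for a human to review.
sprawl_candidates() {
    printf '%s\n' "$1" | awk -F'\t' -v min="$2" '
        $3 ~ /^(Exited|Dead)/ {
            days = 0
            # Ages look like "5 days ago" or "2 weeks ago"; under a day counts as 0.
            if (match($3, /[0-9]+ (days?|weeks?|months?|years?) ago$/)) {
                split(substr($3, RSTART), f, " ")
                n = f[1] + 0; u = f[2]
                if (u ~ /^day/) days = n
                else if (u ~ /^week/) days = n * 7
                else if (u ~ /^month/) days = n * 30
                else days = n * 365
            }
            if (days >= min + 0) print $1, $2, $3
        }'
}
# candidate_ids PS_OUTPUT MIN_DAYS: only the IDs, one per line.
candidate_ids() {
    sprawl_candidates "$1" "$2" | awk '{ print $1 }'
}
# remove_candidates PS_OUTPUT MIN_DAYS: stop and remove each candidate, as the
# remediation steps do. Dry run (prints the commands) unless APPLY=1 is set.
remove_candidates() {
    candidate_ids "$1" "$2" | while read -r id; do
        if [ "${APPLY:-0}" = 1 ]; then
            docker stop "$id" >/dev/null && docker rm "$id"
        else
            echo "would run: docker stop $id && docker rm $id"
        fi
    done
}
# Demo on the constructed sample: anything exited for a day or more.
remove_candidates "$SAMPLE_PS" 1
```

On a live host, replace SAMPLE_PS with the real output ("$(docker ps -a --format '{{.ID}}\t{{.Names}}\t{{.Status}}')") and review the dry-run list before setting APPLY=1.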
Backout Plan:
Using AWS Console:
If containers were stopped or removed by mistake, use the Console to restart the containers.
Review auto-scaling or container creation configurations to ensure containers are re-spawned as needed.
Using AWS CLI:
If containers were stopped or removed unintentionally, run the following command to restart:
docker start <container_id>
References:
CIS Docker Benchmark v1.7
Docker Documentation: https://docs.docker.com/