Profile Applicability:

  • Level 1

Description:

Swarm mode should only be enabled on Docker engine instances when needed. Enabling swarm mode opens multiple network ports on the system for cluster management and node communications, which increases the attack surface. If swarm mode is not required, it should be disabled.

Rationale:

By default, Docker does not expose network ports. When swarm mode is enabled, it opens several ports to allow for node communications within the swarm. These open ports can increase the risk of attack, especially if the swarm functionality is not necessary for your use case.

Impact:

Pros:

  • Reduces the attack surface by not exposing unnecessary network ports.

  • Minimizes resource consumption by disabling unused swarm-related services.

Cons:

  • If swarm mode is necessary for Docker Enterprise components, disabling it can affect functionality.

Default Value:

By default, Docker swarm mode is not enabled.

Pre-requisites:

  • Docker must be installed and configured on the system.

  • Administrative privileges are required to modify Docker configurations.

Remediation:

Test Plan:

Using AWS Console:

  1. Navigate to the EC2 instance running Docker.
  2. Run the command docker info --format '{{ .Swarm }}' to check if swarm mode is active.
  3. If the output includes "active true", swarm mode is enabled.

Using AWS CLI:

  1. Connect to the EC2 instance where Docker is running.
  2. Run the following command to check the Docker swarm status:
    docker info --format '{{ .Swarm }}'
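An added audit helper (not part of the benchmark text) that implements the check above as a script. It assumes the docker CLI is on PATH when run against a real host; the classifier functions themselves only handle strings, and the sample outputs in the test are constructed. It uses the narrower format field {{ .Swarm.LocalNodeState }} and also handles the whole-struct form from the test plan, where matching on "active true" alone would miss worker nodes (the "true" is ControlAvailable, which is only set on managers).

```shell
#!/bin/sh
# Added example: audit a Docker host for swarm mode (CIS-style Level 1 check).
# Assumes the docker CLI is installed when audit_local_swarm is used for real.

# Map a LocalNodeState value, as printed by
#   docker info --format '{{ .Swarm.LocalNodeState }}'
# to a verdict. Only "inactive" passes; active, pending, locked and error
# states all mean swarm services (and their cluster ports) are in play.
swarm_verdict() {
  case "$1" in
    inactive) echo "PASS" ;;
    active|pending|locked|error) echo "FAIL:$1" ;;
    *) echo "UNKNOWN:$1" ;;
  esac
}

# Classify the whole Swarm struct printed by docker info --format '{{ .Swarm }}'.
# LocalNodeState appears as a bare word inside the braces, so match " active "
# rather than "active true": on a worker node the next field (ControlAvailable)
# is false, and "active true" would wrongly report such a node as not in swarm.
swarm_verdict_from_struct() {
  case "$1" in
    *" inactive "*) echo "PASS" ;;
    *" active "*) echo "FAIL:active" ;;
    *) echo "UNKNOWN" ;;
  esac
}

# Audit the local engine. Prints the verdict; exit 0 on PASS, 1 on a finding,
# 2 when docker cannot be queried (daemon down or CLI missing).
audit_local_swarm() {
  state=$(docker info --format '{{ .Swarm.LocalNodeState }}' 2>/dev/null) || {
    echo "UNKNOWN:docker-unavailable"; return 2; }
  verdict=$(swarm_verdict "$state")
  echo "$verdict"
  [ "$verdict" = "PASS" ]
}
```

A FAIL verdict is the condition for the remediation step (docker swarm leave --force) in the implementation plan.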

Implementation Plan:

Using AWS Console:

  1. Connect to the EC2 instance running Docker.
  2. To disable swarm mode, run the following command:
    docker swarm leave --force
  3. This command will remove the node from the swarm and stop swarm mode.

Using AWS CLI:

  1. Use SSM to run the docker swarm leave command on EC2 instances where swarm mode is active:
    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["docker swarm leave --force"]'

Backout Plan:

Using AWS Console:

  1. If you need to re-enable swarm mode, run the following command:
    docker swarm init

Using AWS CLI:

  1. Use SSM to re-enable swarm mode if necessary:
    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["docker swarm init"]'

References: