CIS Docker Benchmark

Ensure that Incoming Container Traffic is Bound to a Specific Host Interface
Profile Applicability: Level 1 Description: When running containers, it is important to bind incoming container traffic to a specific host interfac...
Tue, 29 Apr, 2025 at 11:23 PM
Ensure that privileged containers are not used
Profile Applicability: Level 1 Description: Using the --privileged flag in Docker grants all Linux kernel capabilities to the container, which over...
Tue, 29 Apr, 2025 at 11:28 PM
Ensure that the 'on-failure' container restart policy is set to '5'
Profile Applicability: Level 1 Description: The Docker --restart policy controls the restart behavior of containers in case of failure. Setting it t...
Tue, 29 Apr, 2025 at 11:29 PM
Ensure that the Host's Process Namespace is Not Shared
Profile Applicability: Level 1 Description: The Docker container process namespace should not be shared with the host system. This prevents contain...
Tue, 29 Apr, 2025 at 11:34 PM
Ensure that the host's process namespace is not shared
Profile Applicability: Level 1 Description: The Docker container's process namespace should not be shared with the host system. This is to ensu...
Tue, 29 Apr, 2025 at 11:39 PM
Ensure sensitive host system directories are not mounted on containers
Profile Applicability: Level 1 Description: Sensitive host system directories, such as /, /boot, /dev, /etc, /lib, /lib64, /proc, /sys, and /usr, sh...
Tue, 29 Apr, 2025 at 11:39 PM
Ensure that Host Devices Are Not Directly Exposed to Containers
Profile Applicability: Level 1 Description: Host devices should not be directly exposed to containers to prevent unauthorized access to critical sys...
Tue, 29 Apr, 2025 at 11:45 PM
Ensure sshd is not run within containers
Profile Applicability: Level 1 Description: The SSH daemon (sshd) should not be running within containers. Instead, you should SSH into the Docker h...
Tue, 29 Apr, 2025 at 11:48 PM
Ensure that the Default ulimit is Overwritten at Runtime if Needed
Profile Applicability: Level 1 Description: Docker containers should have their ulimit settings explicitly defined if necessary. The default ulimit ...
Tue, 29 Apr, 2025 at 11:51 PM
Ensure privileged ports are not mapped within containers
Profile Applicability: Level 1 Description: The TCP/IP port numbers below 1024 are considered privileged ports. Normal users and processes are not ...
Tue, 29 Apr, 2025 at 11:54 PM