Using Docker bench to Enhance Container Security

DevSecOps #1

Log in to the Server

Log in to the server with an SSH command (a CentOS host is used here).

Clone the Docker Bench repo from GitHub into the current working directory.

Use the git clone command to clone the Docker Bench repository from GitHub.

Change the directory to the docker-bench-security directory and run the docker-bench-security script.

Change into the docker-bench-security directory with the cd command. With superuser permissions, execute the docker-bench-security.sh shell script and redirect its standard output to a file called /tmp/bench1.out.
*The sudo command will prompt you for the cloud_user password.

$ more /tmp/bench1.out

Update the audit rules on the server to include auditing the Docker Daemon

To list the audit rules already set up on the host, you may enter:

$ sudo auditctl -l

Use the auditctl command to add a rule that audits the Docker files under /var/lib/docker:

$ sudo auditctl -w /var/lib/docker -k "docker lib"

The -w option tells auditctl to place a watch on the path /var/lib/docker, and -k tags every audit record generated by that watch with the key "docker lib" so the records can be filtered later.

Run the Docker Bench security utility again and compare the output with the first run.

$ sudo sh docker-bench-security.sh > /tmp/bench2.out

Audit check 1.1.5 will now report PASS.
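Comparing the two runs by eye is tedious once the report grows, so here is an added helper script (not part of the original lab or of docker-bench-security itself) that pulls the status of a single check out of a saved report and lists every check whose status changed between two runs. It assumes the "[STATUS] id - description" line format that docker-bench-security prints; the two report files embedded below are constructed, abbreviated samples standing in for /tmp/bench1.out and /tmp/bench2.out.

```shell
#!/bin/sh
# Added example: compare two docker-bench-security reports.
# Report lines look like "[WARN] 1.1.5 - Ensure auditing is configured ..."
# while detail lines look like "[INFO]      * some detail" and are skipped.

# Print the status (PASS/WARN/INFO/NOTE) of one check id in a report file.
# $1 = report file, $2 = check id such as 1.1.5. Prints nothing if absent.
bench_status() {
    awk -v id="$2" '$2 == id { gsub(/\[|\]/, "", $1); print $1; exit }' "$1"
}

# List checks whose status differs between two reports as "id: old -> new".
# $1 = first report, $2 = second report.
bench_diff() {
    awk '
        $1 ~ /^\[(PASS|WARN|INFO|NOTE)\]$/ && $2 ~ /^[0-9]+(\.[0-9]+)+$/ {
            gsub(/\[|\]/, "", $1)
            if (FNR == NR) { old[$2] = $1; next }      # first file: remember
            if (($2 in old) && old[$2] != $1)          # second file: compare
                printf "%s: %s -> %s\n", $2, old[$2], $1
        }' "$1" "$2"
}

# Constructed sample reports: before and after adding the audit watch.
BENCH1=$(mktemp); BENCH2=$(mktemp)
cat > "$BENCH1" <<'EOF'
[INFO] 1 - Host Configuration
[INFO] 1.1 - Linux Hosts Specific Configuration
[WARN] 1.1.1 - Ensure a separate partition for containers has been created
[PASS] 1.1.2 - Ensure only trusted users are allowed to control Docker daemon
[WARN] 1.1.5 - Ensure auditing is configured for Docker files and directories - /var/lib/docker
[INFO]      * constructed detail line that must be ignored
EOF
cat > "$BENCH2" <<'EOF'
[INFO] 1 - Host Configuration
[INFO] 1.1 - Linux Hosts Specific Configuration
[WARN] 1.1.1 - Ensure a separate partition for containers has been created
[PASS] 1.1.2 - Ensure only trusted users are allowed to control Docker daemon
[PASS] 1.1.5 - Ensure auditing is configured for Docker files and directories - /var/lib/docker
EOF

# Stand-alone usage: expected output is "1.1.5: WARN -> PASS".
bench_status "$BENCH1" 1.1.5   # WARN
bench_status "$BENCH2" 1.1.5   # PASS
bench_diff "$BENCH1" "$BENCH2"
```

A rule added with auditctl on the command line lasts only until the next reboot, so to keep check 1.1.5 passing, place the same -w/-k line in a file under /etc/audit/rules.d/ and reload the rules with augenrules --load.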

Source of Information:

A Cloud Guru