Tuesday, 12 May 2020

Audit Docker Security with CIS Benchmark Script

The following GitHub repo includes a script that checks a Docker installation against dozens of common best practices for securing Docker (based on the CIS Docker Benchmark).

https://github.com/docker/docker-bench-security

It is worth running this to get an understanding of your Docker environment's security posture.


Step 1: Clone the repo on your Docker host

git clone https://github.com/docker/docker-bench-security.git

Step 2: cd to the directory

cd docker-bench-security

Step 3: run the script (this runs the full set of checks)

sudo ./docker-bench-security.sh

Step 4: review the output
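As an added example (not part of the original post or of the docker-bench-security project), a small POSIX shell helper for Step 4 that triages a saved report, for instance one captured with `sudo ./docker-bench-security.sh | tee bench.log`. The sample report lines are constructed to resemble the tool's `[WARN]`/`[PASS]`/`[INFO]` output format; the exact format is an assumption, not taken from the page.

```shell
#!/bin/sh
# Constructed sample of docker-bench-security style output (not real results).
SAMPLE_OUTPUT='[INFO] 1 - Host Configuration
[WARN] 1.1.1 - Ensure a separate partition for containers has been created (Automated)
[PASS] 1.1.2 - Ensure only trusted users are allowed to control Docker daemon (Automated)
[WARN] 1.1.3 - Ensure auditing is configured for the Docker daemon (Automated)
[INFO] 2 - Docker daemon configuration
[PASS] 2.1 - Run the Docker daemon as a non-root user, if possible (Manual)
[NOTE] 2.2 - Ensure network traffic is restricted between containers on the default bridge (Scored)
[INFO] Checks: 6
[INFO] Score: 0'

# Count report lines carrying a given status tag (WARN, PASS, INFO, NOTE).
# Reads the report on stdin; "|| :" keeps the exit status 0 when the count is 0.
count_status() {
    grep -c "^\[$1\]" || :
}

# Print only the failing checks (ID and title) so they can be triaged first.
list_warnings() {
    grep '^\[WARN\]' | sed 's/^\[WARN\] //'
}

# Extract the numeric score from the summary line the tool prints at the end.
report_score() {
    grep '^\[INFO\] Score:' | awk '{print $3}'
}

# CI gate: succeed only when the report contains no WARN results.
fail_on_warn() {
    [ "$(count_status WARN)" -eq 0 ]
}

# Usage with a real report: list_warnings < bench.log ; fail_on_warn < bench.log
printf '%s\n' "$SAMPLE_OUTPUT" | list_warnings
```

Pipe the real report into the functions instead of the constructed sample; `fail_on_warn` returns non-zero when any check is marked `[WARN]`, which makes it usable as a pipeline gate.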



It is also possible to target certain aspects of a Docker deployment, such as doing a targeted scan of the Docker host configurations.

To do this run the script with the following switches:

This command runs the checks against the Docker host itself.

sudo ./docker-bench-security.sh -c host_configuration

The other targeted tests are shown below. Just substitute the test name into the above command.