Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235813 | DKER-EE-002080 | SV-235813r627566_rule | High |
Description |
---|
Do not use docker exec with --privileged option. Using --privileged option in docker exec gives extended Linux capabilities to the command. Do not run docker exec with the --privileged option, especially when running containers with dropped capabilities or with enhanced restrictions. By default, docker exec command runs without --privileged option. |
STIG | Date |
---|---|
Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2021-03-26 |
Check Text ( C-39032r627564_chk ) |
---|
This check only applies to the use of Docker Engine - Enterprise on a Linux host operating system and should be executed on all nodes in a Docker Enterprise cluster. Ensure the default seccomp profile is not disabled, if applicable. via CLI: Linux: As a trusted user on the host operating system, use the below command to filter out docker exec commands that used --privileged option. sudo ausearch -k docker | grep exec | grep privileged If there are any in the output, then this is a finding. |
Fix Text (F-38995r627565_fix) |
---|
This fix only applies to the use of Docker Engine - Enterprise on a Linux host operating system. Do not use --privileged option in docker exec command. A reference for the docker exec command can be found at https://docs.docker.com/engine/reference/commandline/exec/. |