Finding ID | Version | Rule ID | IA Controls | Severity
---|---|---|---|---
V-260910 | CNTR-MK-000120 | SV-260910r966087_rule | | Medium
Description
---
To limit the attack surface of MKE, it is important that nonessential services are not installed. Containers are designed to be lightweight and isolated, and introducing SSH adds attack vectors: unauthorized access to, or exploitation of a vulnerability in, an SSH server running inside a container would compromise the security of the container and potentially the host system. SSH is not necessary for process management within containers, as container orchestration platforms provide their own mechanisms for starting, stopping, and monitoring containerized processes. SSH access within containers may also bypass auditing mechanisms, making it harder to track and audit user activities.
STIG | Date
---|---
Mirantis Kubernetes Engine Security Technical Implementation Guide | 2024-04-10
Check Text (C-64639r966085_chk)
---
This check must be executed on all nodes in a Docker Enterprise cluster. Verify no running containers have a process for an SSH server. Using the CLI, execute the following:

```shell
for i in $(docker container ls --format "{{.ID}}"); do
  pid=$(docker inspect -f '{{.State.Pid}}' "$i")
  ps -h --ppid "$pid" -o cmd
done | grep sshd
```

If a container is output, it has a process for an SSH server; this is a finding.
Fix Text (F-64547r966086_fix)
---
Containers found with an SSH server must be removed by executing the following:

```shell
docker rm [container name]
```

Then, a new image must be added with the SSH server removed.
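The check above only lists a container's direct child processes and greps for the substring `sshd`, so an SSH daemon launched by a supervisor inside the container is missed, while an unrelated command whose path merely contains `sshd` is reported. The script below is an added example, not part of the STIG and not Mirantis tooling: it walks the whole process tree under each container's init PID, matches `sshd` as a whole word (including the `sshd:` prefix newer OpenSSH uses in its process title), and names the offending containers so the result can be attached to a finding. It assumes the `docker` CLI and procps `ps` are available on the node; the function and script names are the author's own.

```shell
#!/bin/sh
# check_sshd_containers.sh: report running containers whose process tree
# contains an SSH server. Added example; assumes the docker CLI and procps ps.
set -e

# Returns 0 when the given block of command lines contains an SSH daemon.
# "sshd" must stand alone (start of line, after '/' or whitespace) and be
# followed by whitespace, ':' or end of line, so "/opt/sshd-exporter" does
# not match but "/usr/sbin/sshd -D" and "sshd: /usr/sbin/sshd -D [listener]" do.
listing_has_sshd() {
    printf '%s\n' "$1" | grep -Eq '(^|[/[:space:]])sshd([[:space:]:]|$)'
}

# Print the command line of every descendant of PID $1 (recursive), so an
# sshd started by a supervisor several levels down is still seen.
descendant_cmds() {
    for child in $(ps -o pid= --ppid "$1" 2>/dev/null); do
        ps -o cmd= -p "$child" 2>/dev/null || true   # process may have exited
        descendant_cmds "$child"
    done
}

# Inspect every running container on this node; print one FINDING line per
# container with an SSH server and exit non-zero if any were found.
check_all() {
    findings=0
    for id in $(docker container ls --format '{{.ID}}'); do
        pid=$(docker inspect -f '{{.State.Pid}}' "$id")
        name=$(docker inspect -f '{{.Name}}' "$id" | sed 's#^/##')
        if listing_has_sshd "$(descendant_cmds "$pid")"; then
            echo "FINDING: container $name ($id) has an SSH server process"
            findings=$((findings + 1))
        fi
    done
    echo "$findings container(s) with an SSH server found"
    [ "$findings" -eq 0 ]
}

# Run the scan only when invoked as: sh check_sshd_containers.sh scan
case "$1" in
    scan) check_all ;;
esac
```

Run it on every node of the cluster, as the check text requires; a non-zero exit makes it usable from a scheduled compliance job. Note that `docker rm` refuses a running container, so a flagged container must be stopped (`docker stop`) before the removal step in the fix text, and the replacement image must not start an SSH daemon at all, or the finding simply recurs.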