Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000023
Group -
LDAP integration in Docker Enterprise must be configured.
Both the Universal Control Plane (UCP) and Docker Trusted Registry (DTR) components of Docker Enterprise leverage the same authentication and authorization backplane known as eNZi. The eNZi backpla...Rule Medium Severity -
SRG-APP-000033
Group -
SRG-APP-000033
Group -
A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set.
Both the Universal Control Plane (UCP) and DTR components of Docker Enterprise leverage the same authentication and authorization backplane known as eNZi. eNZi provides UCP and DTR with role-based ...Rule Medium Severity -
SRG-APP-000033
Group -
SRG-APP-000039
Group -
The Docker Enterprise hosts process namespace must not be shared.
Process ID (PID) namespaces isolate the PID number space, meaning that processes in different PID namespaces can have the same PID. This is process level isolation between containers and the host. ...Rule Medium Severity -
SRG-APP-000039
Group -
The Docker Enterprise hosts IPC namespace must not be shared.
IPC (POSIX/SysV IPC) namespace provides separation of named shared memory segments, semaphores, and message queues. IPC namespace on the host thus should not be shared with the containers and shoul...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules