Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Docker Enterprise node certificates must be rotated as defined in the System Security Plan (SSP).
<VulnDiscussion>Rotate swarm node certificates as appropriate. Docker Swarm uses mutual TLS for clustering operations amongst its nodes. Cer...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The Docker Enterprise default ulimit must not be overwritten at runtime unless approved in the System Security Plan (SSP).
<VulnDiscussion>The default ulimit is set at the Docker daemon level. However, override the default ulimit setting, if needed, during contain...Rule Medium Severity -
SRG-APP-000454
<GroupDescription></GroupDescription>Group -
Docker Enterprise older Universal Control Plane (UCP) and Docker Trusted Registry (DTR) images must be removed from all cluster nodes upon upgrading.
<VulnDiscussion>When upgrading either the UCP or DTR components of Docker Enterprise, the newer images are pulled (or unpacked if offline) on...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules