Closed rhonnava closed 7 years ago
Hi @rhonnava, I understand why you'd want this, but docker-bench-security is focused on following the CIS Docker Benchmark and not really server hardening in general.
I suggest you have a look at other CIS benchmarks (https://learn.cisecurity.org/benchmarks), DISA STIGs (http://iase.disa.mil/stigs/Pages/index.aspx) or OpenSCAP (https://github.com/OpenSCAP/scap-security-guide/).
It would help if docker-bench-security checked for network stack hardening parameters against some basic attacks like SYN flooding, for parameters available per container:
Protection against IP spoofing:
Enable logging of redirect packets, spoofed packets, source routed packets: net.ipv4.conf.all.log_martians = 1
And any other such network parameters ...
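As an added illustration of what such a per-container check could look like (example code written for this page, not part of docker-bench-security or the CIS benchmark), the POSIX shell below audits a small set of namespaced net.* sysctls in the style of a bench check. The list of expected values is an assumption chosen for this example: tcp_syncookies for SYN flooding, log_martians and rp_filter against spoofed or mis-routed packets, and the source-route and ICMP-redirect knobs. It reads values from a /proc/sys tree so it can run against the host, against a tree copied out of a container with `docker exec`, or (as in the self-test) against a constructed fake tree. Two caveats a practitioner should keep in mind: rp_filter=1 is strict reverse-path filtering and will drop legitimate traffic on asymmetric routes (2 is the loose mode), and log_martians writes to the host's kernel log, since containers share the kernel, so the messages show up in the host's dmesg, not inside the container.

```shell
#!/bin/sh
# Added example (not docker-bench-security code): audit per-container network sysctls.
# Values below are this example's assumed baseline, not a CIS-mandated list.
NET_SYSCTL_EXPECTED="
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
"

# sysctl_read ROOT KEY: read one sysctl from a /proc/sys-shaped tree rooted at ROOT.
# Returns 1 (prints nothing) when the key is absent or unreadable.
sysctl_read() {
  root="$1"; key="$2"
  path="$root/$(printf '%s' "$key" | tr . /)"
  [ -r "$path" ] || return 1
  tr -d '[:space:]' < "$path"
}

# audit_sysctl_tree ROOT LABEL: print PASS/WARN per key; exit status = number of failures.
# A missing key counts as a failure, since we cannot prove the protection is on.
audit_sysctl_tree() {
  root="$1"; label="$2"; fails=0
  for kv in $NET_SYSCTL_EXPECTED; do
    key="${kv%%=*}"; want="${kv#*=}"
    if ! have="$(sysctl_read "$root" "$key")"; then
      printf 'WARN %s: %s not readable\n' "$label" "$key"
      fails=$((fails + 1)); continue
    fi
    if [ "$have" = "$want" ]; then
      printf 'PASS %s: %s=%s\n' "$label" "$key" "$have"
    else
      printf 'WARN %s: %s=%s (expected %s)\n' "$label" "$key" "$have" "$want"
      fails=$((fails + 1))
    fi
  done
  return "$fails"
}

# audit_container CONTAINER: copy the container's own (network-namespaced) view of
# /proc/sys out with `docker exec`, then audit the copy. Requires a docker CLI.
audit_container() {
  ctr="$1"; tmp="$(mktemp -d)"
  for kv in $NET_SYSCTL_EXPECTED; do
    rel="$(printf '%s' "${kv%%=*}" | tr . /)"
    mkdir -p "$tmp/$(dirname "$rel")"
    docker exec "$ctr" cat "/proc/sys/$rel" > "$tmp/$rel" 2>/dev/null || rm -f "$tmp/$rel"
  done
  rc=0; audit_sysctl_tree "$tmp" "$ctr" || rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Usage: `sh this.sh --all` audits every running container; `sh this.sh --host`
# audits the host's own /proc/sys. With no argument the functions are only defined.
case "${1:-}" in
  --all)  for c in $(docker ps -q); do audit_container "$c"; done ;;
  --host) audit_sysctl_tree /proc/sys host ;;
esac
```

A failing value can be corrected at container start without touching the host, e.g. `docker run --sysctl net.ipv4.conf.all.log_martians=1 ...`, because Docker permits namespaced net.* sysctls per container; net.ipv4.tcp_syncookies is only settable that way on kernels where it is per-network-namespace, otherwise it must be set on the host.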