docker / docker-bench-security

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Apache License 2.0

Network hardening checks #239

Closed rhonnava closed 7 years ago

rhonnava commented 7 years ago

It would help if docker-bench-security checked network stack hardening parameters for some basic attacks like SYN flooding, for parameters available per container:

Protection against IP Spoofing:

Enable logging of redirect packets, spoofed packets, source routed packets: net.ipv4.conf.all.log_martians = 1

And any other such network parameters...
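
A check of the kind asked for above, as an added example that is not part of docker-bench-security and not taken from the CIS Docker Benchmark. It goes slightly beyond the one sysctl named in the request and covers the other attack classes the comment mentions (spoofing, source routing, redirects, SYN flooding). The parameter list, the function names (`read_sysctl`, `sample_sysctl`, `evaluate_param`, `check_net_hardening`), the output format and the values of the constructed sample host are all this example's own assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of docker-bench-security: a check for network-stack
# sysctls. Parameter list, function names and output format are assumptions
# made for this illustration, not benchmark requirements.

# Desired settings as key=value pairs. Illustrative list, not from the CIS benchmark.
NET_HARDENING_PARAMS='net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.tcp_syncookies=1'

# Reader for a real host: values come from /proc/sys, so no sysctl binary is
# needed and, when run inside a container, the values reflect that container's
# network namespace rather than the host's.
read_sysctl() {
  path="/proc/sys/$(printf '%s' "$1" | tr . /)"
  [ -r "$path" ] && tr -d '[:space:]' < "$path"
}

# Constructed sample host for the offline demo: martian logging is off and
# source-routed packets are accepted, which the check must flag.
sample_sysctl() {
  case "$1" in
    net.ipv4.conf.all.log_martians)        printf '0' ;;
    net.ipv4.conf.default.log_martians)    printf '0' ;;
    net.ipv4.conf.all.rp_filter)           printf '1' ;;
    net.ipv4.conf.all.accept_source_route) printf '1' ;;
    net.ipv4.conf.all.accept_redirects)    printf '0' ;;
    net.ipv4.tcp_syncookies)               printf '1' ;;
    *) return 1 ;;  # unknown key: behaves like a missing /proc/sys entry
  esac
}

# Compare one parameter. Returns 0 on match, 1 on mismatch, 2 when unreadable.
evaluate_param() {
  key="$1"; expected="$2"; actual="$3"
  if [ -z "$actual" ]; then
    printf '[INFO] %s: not readable (kernel lacks it or /proc/sys not mounted)\n' "$key"
    return 2
  fi
  if [ "$actual" = "$expected" ]; then
    printf '[PASS] %s = %s\n' "$key" "$actual"
    return 0
  fi
  printf '[WARN] %s = %s (expected %s)\n' "$key" "$actual" "$expected"
  return 1
}

# Run every parameter through the given reader (default: the /proc/sys reader).
# Prints one line per parameter and returns the number of mismatches, so a
# non-zero status means the host (or namespace) needs hardening. Unreadable
# parameters are reported but not counted as failures.
check_net_hardening() {
  reader="${1:-read_sysctl}"
  failures=0
  for entry in $NET_HARDENING_PARAMS; do
    key="${entry%%=*}"
    expected="${entry#*=}"
    actual="$("$reader" "$key" || true)"
    evaluate_param "$key" "$expected" "$actual" && rc=0 || rc=$?
    if [ "$rc" -eq 1 ]; then
      failures=$((failures + 1))
    fi
  done
  return "$failures"
}

# Offline demonstration against the constructed sample host (3 mismatches).
demo_main() {
  check_net_hardening sample_sysctl && rc=0 || rc=$?
  printf 'sample host: %d parameter(s) need hardening\n' "$rc"
  return 0
}
demo_main
```

Running `check_net_hardening` with no argument evaluates the live `/proc/sys` values of whatever namespace the script runs in; pass a reader function name, as `demo_main` does, to evaluate values from another source. The return value is the mismatch count so the check can be chained into an existing script's pass/warn accounting.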

konstruktoid commented 7 years ago

Hi @rhonnava, I understand why you'd want this, but docker-bench-security is focused on following the CIS Docker Benchmark and not really server hardening in general. I suggest you have a look at other CIS benchmarks (https://learn.cisecurity.org/benchmarks), DISA STIGs (http://iase.disa.mil/stigs/Pages/index.aspx) or OpenSCAP (https://github.com/OpenSCAP/scap-security-guide/).