search

docker / docker-bench-security

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Apache License 2.0
9.18k stars 1.02k forks source link

Docker daemon socket security #544

Closed Nethaji-nethu closed 5 months ago

Nethaji-nethu commented 1 year ago

Please add docker daemon socket security checks. tcp://0.0.0.0:4243/version or unix:///var/run/docker.sock , if open, could you please add a check to see if there is an authentication mechanism in place ? or atleast warn the user about API being exposed ? Thanks

konstruktoid commented 1 year ago

Hi @Nethaji-nethu, are there any specific situations that aren't caught with the current code?