Benchmark: 7 Docker Swarm Configuration
Overview
This section lists the recommendations that alter and secure the behavior of Docker Swarm. If you are not using Docker Swarm, the recommendations in this section do not apply.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-docker-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 7 Docker Swarm Configuration.
Run this benchmark in your terminal:
powerpipe benchmark run docker_compliance.benchmark.cis_v160_7
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run docker_compliance.benchmark.cis_v160_7 --share
Controls
- 7.1 Ensure that the minimum number of manager nodes have been created in a swarm
- 7.2 Ensure that swarm services are bound to a specific host interface
- 7.5 Ensure that swarm manager is run in auto-lock mode
- 7.7 Ensure that node certificates are rotated as appropriate