v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/docker_compliance
Overview
1Dashboards
88Controls
88Queries
2Variables
GitHub

Control: 1.1.1 Ensure a separate partition for containers has been created

Description

All Docker containers and their data and metadata is stored under /var/lib/docker directory. By default, /var/lib/dockershould be mounted under either the / or /var partitions dependent on how the Linux operating system in use is configured.

Remediation

For new installations, you should create a separate partition for the /var/lib/docker mount point. For systems which have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition.

Default Value

By default, /var/lib/docker is mounted under the / or /var partitions dependent on how the OS is configured.

Usage

Run the control in your terminal:

powerpipe control run docker_compliance.control.cis_v160_1_1_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run docker_compliance.control.cis_v160_1_1_1 --share

SQL

This control uses a named query:

exec_separate_partition_for_containers_created

Tags

category = Compliance
cis = true
cis_item_id = 1.1.1
cis_level = 1
cis_section_id = 1
cis_type = manual
cis_version = v1.6.0
plugin = docker
service = Docker