Control: 2.15 Ensure live restore is enabled
Description
The --live-restore option enables full support of daemon-less containers within Docker. It ensures that Docker does not stop containers on shutdown or restore and that it properly reconnects to the container when restarted.
Availability is one part of the security triad. Setting the --live-restore flag on the Docker daemon ensures that container execution is not interrupted when the daemon is not available. This also makes it easier to update and patch the Docker daemon without application downtime.
Remediation
Run Docker in daemon mode and pass --live-restore to it as an argument.
For example:
dockerd --live-restore
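To confirm the remediation is actually configured, the following added example (not part of the benchmark or of the Powerpipe mod) evaluates the dockerd arguments together with the contents of daemon.json. It goes beyond the flag shown above by also covering the live-restore key in daemon.json; the function name live_restore_status and the sample inputs are hypothetical and constructed for illustration.

```python
import json

def live_restore_status(daemon_json_text, dockerd_argv):
    """Return (enabled, reason) for the configured live-restore setting."""
    flag = None
    for arg in dockerd_argv:
        if arg == "--live-restore":
            flag = True
        elif arg.startswith("--live-restore="):
            # Approximation of Go's boolean flag parsing.
            flag = arg.split("=", 1)[1].lower() in ("1", "t", "true")

    cfg = None
    if daemon_json_text.strip():
        try:
            doc = json.loads(daemon_json_text)
        except ValueError:
            return False, "daemon.json is not valid JSON"
        if not isinstance(doc, dict):
            return False, "daemon.json is not a JSON object"
        if "live-restore" in doc:
            # Only the JSON boolean true counts, not the string "true".
            cfg = doc["live-restore"] is True

    if flag is not None and cfg is not None:
        # dockerd refuses to start when an option is given both ways.
        return False, "set both as a flag and in daemon.json"
    if flag is not None:
        return flag, "dockerd flag"
    if cfg is not None:
        return cfg, "daemon.json"
    return False, "not configured (default is disabled)"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    samples = [
        ('{"live-restore": true}', ["dockerd"]),
        ("", ["dockerd", "--live-restore"]),
        ('{"live-restore": true}', ["dockerd", "--live-restore"]),
        ('{"log-level": "info"}', ["dockerd", "--live-restore=false"]),
    ]
    for text, argv in samples:
        print(live_restore_status(text, argv), argv)
```

On a running host, docker info --format '{{ .LiveRestoreEnabled }}' reports the value the daemon is actually using.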
Default Value
By default, --live-restore is not enabled.
Usage
Run the control in your terminal:
powerpipe control run docker_compliance.control.cis_v160_2_15
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run docker_compliance.control.cis_v160_2_15 --share
SQL
This control uses a named query:
docker_info_live_restore_enabled