turbot/docker_compliance

Control: 2.15 Ensure live restore is enabled

Description

The --live-restore option enables full support of daemon-less containers within Docker. It ensures that Docker does not stop containers on shutdown or restore and that it properly reconnects to the container when restarted.

Availability is an important part of the security triad. Setting the --live-restore flag on the Docker daemon ensures that container execution is not interrupted when the daemon is unavailable. This also makes it easier to update and patch the Docker daemon without application downtime.

Remediation

Run Docker in daemon mode and pass --live-restore to it as an argument. For example:

dockerd --live-restore
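An offline check of the two places this setting can come from, added here as an example (it is not part of the benchmark or of the docker_compliance mod): the dockerd arguments and the "live-restore" key in daemon.json. The function names are hypothetical, and the grep match is a simplification that assumes a flat, comment-free JSON file.

```shell
#!/bin/sh
# Added example: report where live restore is configured.
# Usage: check_live_restore CONFIG_FILE "DOCKERD ARGUMENTS"
# Prints flag, config, conflict or disabled; returns 0 only when enabled cleanly.

config_enables_live_restore() {
    # Simplified match for "live-restore": true in daemon.json.
    # Newlines are removed so the closing brace may sit on its own line.
    [ -r "$1" ] && tr -d '\n' < "$1" |
        grep -Eq '"live-restore"[[:space:]]*:[[:space:]]*true[[:space:]]*[,}]'
}

args_enable_live_restore() {
    # The last occurrence of a boolean flag wins, so track state in order.
    enabled=1
    for arg in $1; do
        case "$arg" in
            --live-restore|--live-restore=true) enabled=0 ;;
            --live-restore=false)               enabled=1 ;;
        esac
    done
    return "$enabled"
}

check_live_restore() {
    in_config=no
    in_args=no
    config_enables_live_restore "$1" && in_config=yes
    args_enable_live_restore "$2" && in_args=yes
    case "$in_config/$in_args" in
        # dockerd refuses to start when a directive is given both as a
        # flag and in the configuration file, so treat this as a failure.
        yes/yes) echo conflict; return 2 ;;
        yes/no)  echo config ;;
        no/yes)  echo flag ;;
        *)       echo disabled; return 1 ;;
    esac
}
```

On a running host, docker info --format '{{ .LiveRestoreEnabled }}' reports the effective value; the functions above cover the case where the configuration is reviewed without a reachable daemon.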

Default Value

By default, --live-restore is not enabled.

Usage

Run the control in your terminal:

powerpipe control run docker_compliance.control.cis_v160_2_15

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run docker_compliance.control.cis_v160_2_15 --share

SQL

This control uses a named query:

docker_info_live_restore_enabled
