v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/docker_compliance
Overview
1Dashboards
88Controls
88Queries
2Variables
GitHub

Control: 2.16 Ensure Userland Proxy is Disabled

Description

The Docker daemon starts a userland proxy service for port forwarding whenever a port is exposed. Where hairpin NAT is available, this service is generally superfluous to requirements and can be disabled.

Usage

Run the control in your terminal:

powerpipe control run docker_compliance.control.cis_v160_2_16

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run docker_compliance.control.cis_v160_2_16 --share

SQL

This control uses a named query:

exec_userland_proxy_disabled

Tags

category = Compliance
cis = true
cis_item_id = 2.16
cis_level = 1
cis_section_id = 2
cis_type = manual
cis_version = v1.6.0
plugin = docker
service = Docker