Control: 2.4 Ensure Docker is allowed to make changes to iptables
Description
Set Docker daemon log level to info.
Setting an appropriate log level configures the Docker daemon to log events that you would want to review later. A base log level of info and above captures all logs except debug logs. Unless required, you should not run the Docker daemon at debug log level.
Remediation
Ensure that the Docker daemon configuration file includes the following configuration:
"log-level": "info"
Alternatively, run the Docker daemon as below:
dockerd --log-level="info"
Default Value
By default, the Docker daemon log level is set to info.
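The log-level check described above can be scripted as follows. This is an added example, not the control's own query or code from the mod. It assumes the caller supplies the daemon configuration file contents and the dockerd command line as strings. The function names and the pass/fail/conflict status strings are this example's own.

```python
import json
import shlex

DEFAULT_LEVEL = "info"  # the default stated above when nothing is configured


def flag_level(cmdline):
    """Return the value of --log-level / -l on a dockerd command line, or None."""
    args = shlex.split(cmdline)  # shlex strips the quotes in --log-level="info"
    for i, arg in enumerate(args):
        name, sep, value = arg.partition("=")
        if name in ("--log-level", "-l"):
            if sep:
                return value
            return args[i + 1] if i + 1 < len(args) else None
    return None


def audit_log_level(daemon_json_text, cmdline):
    """Return (status, detail) for the configured daemon log level."""
    config = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    from_file = config.get("log-level")
    from_flag = flag_level(cmdline)
    if from_file is not None and from_flag is not None:
        # dockerd refuses to start when one option is set in both places
        return "conflict", "log-level set in both the config file and a flag"
    level = from_file or from_flag or DEFAULT_LEVEL
    if level == "info":
        return "pass", "log level is info"
    return "fail", f"log level is {level!r}, expected 'info'"


if __name__ == "__main__":
    # Constructed samples: (config file contents, dockerd command line)
    samples = [
        ('{"log-level": "info"}', "dockerd"),
        ("", 'dockerd --log-level="info"'),
        ("{}", "dockerd"),
        ('{"log-level": "debug"}', "dockerd"),
        ("{}", "dockerd -l debug"),
        ('{"log-level": "info"}', "dockerd --log-level=info"),
    ]
    for text, cmd in samples:
        print(audit_log_level(text, cmd), "<-", repr(text), cmd)
```
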
Usage
Run the control in your terminal:
powerpipe control run docker_compliance.control.cis_v160_2_4
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run docker_compliance.control.cis_v160_2_4 --share
SQL
This control uses a named query:
exec_docker_iptables_not_set