🚀Launch Week 04, May 13th - 17th, 2024!🚀
Powerpipe Hub 
Hub
Mods
turbot/docker_compliance
Overview
1Dashboards
88Controls
88Queries
2Variables
GitHub
Loading controls...

Control: 5.2 Ensure that, if applicable, an AppArmor Profile is enabled

Description

AppArmor is an effective and easy-to-use Linux application security system. It is available on some Linux distributions by default, for example, on Debian and Ubuntu.

AppArmor protects the Linux OS and applications from various threats by enforcing a security policy which is also known as an AppArmor profile. You can create your own AppArmor profile for containers or use Docker's default profile. Enabling this feature enforces security policies on containers as defined in the profile.

Remediation

If AppArmor is applicable for your Linux OS, you should enable it.

  1. Verify AppArmor is installed.
  2. Create or import a AppArmor profile for Docker containers.
  3. Enable enforcement of the policy.
  4. Start your Docker container using the customized AppArmor profile. For example:
docker run --interactive --tty --security-opt="apparmor:PROFILENAME" ubuntu /bin/bash

Alternatively, Docker's default AppArmor policy can be used.

Default Value

By default, the docker-default AppArmor profile is applied to running containers. The Docker binary generates this profile and then loads it into the kernel.

Usage

Run the control in your terminal:

powerpipe control run docker_compliance.control.cis_v160_5_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run docker_compliance.control.cis_v160_5_2 --share

SQL

This control uses a named query:

docker_container_apparmor_profile_enabled

Tags

category = Compliance
cis = true
cis_item_id = 5.2
cis_level = 5
cis_section_id = 5
cis_type = manual
cis_version = v1.6.0
plugin = docker
service = Docker