turbot/docker_compliance

Control: 5.23 Ensure that docker exec commands are not used with the privileged option

Description

You should not use docker exec with the --privileged option.

Using the --privileged option with docker exec gives the executed command extended Linux capabilities inside the container. This is an insecure practice, particularly when the container itself was started with reduced capabilities or other enhanced restrictions, because the exec'd process bypasses the restrictions that were applied to the container.
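The control above checks for docker exec invocations carrying --privileged. As an added example (not part of the turbot/docker_compliance mod or its named query), the shell snippet below scans recorded command lines, such as shell history or the proctitle field of auditd records, and reports the ones that run docker exec with --privileged or --privileged=true, while ignoring --privileged=false and docker run (which is covered by a separate control). The sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the turbot/docker_compliance mod.
# Audits a stream of recorded command lines for `docker exec ... --privileged`.

# Constructed sample input: a mix of compliant and non-compliant invocations.
SAMPLE_LINES='docker exec -it web sh
docker exec --privileged -it web sh
docker exec -u 1000 --privileged=true app id
docker exec --privileged=false app id
docker run --privileged -d busybox sleep 1d
sudo docker exec -it --privileged db bash'

# Print every stdin line that runs `docker exec` with --privileged or
# --privileged=true. `--privileged=false` and `docker run --privileged`
# (a different control) are not reported.
privileged_exec_lines() {
  grep -E 'docker[[:space:]]+exec[[:space:]].*--privileged([[:space:]]|=true|$)'
}

# Count offending lines on stdin and print the count. Returns non-zero when
# any were found, so it can gate a CI job or a scheduled audit.
count_privileged_exec() {
  n=$(privileged_exec_lines | wc -l | tr -d ' ')
  echo "$n"
  [ "$n" -eq 0 ]
}

# Stand-alone usage: list the non-compliant sample lines.
printf '%s\n' "$SAMPLE_LINES" | privileged_exec_lines
```

The pattern keys on the exec subcommand rather than on --privileged alone so that the check does not duplicate the separate control for privileged containers at run time. Feeding it real data is a matter of piping in the command source you record, for example the output of ausearch for a docker audit key.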

Remediation

You should not use the --privileged option in docker exec commands.

Default Value

By default, the docker exec command runs without the --privileged option.

Usage

Run the control in your terminal:

powerpipe control run docker_compliance.control.cis_v160_5_23

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run docker_compliance.control.cis_v160_5_23 --share

SQL

This control uses a named query:

exec_docker_exec_command_no_privilege_option

Tags