Queries in Docker Compliance
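The Docker Compliance mod includes 88 queries, listed below in alphabetical order. The names fall into four prefix groups: `docker_container_*`, `docker_info_*`, `docker_network_*` and `exec_*`. The names are not uniform in polarity: some state the hardened condition (for example `docker_info_live_restore_enabled`), while others appear to name the setting being inspected (for example `docker_container_privileged`). Read each query's definition to see which result it treats as compliant rather than inferring it from the name.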
- docker_container_apparmor_profile_enabled
- docker_container_cgroup_usage
- docker_container_cpu_priority_set
- docker_container_default_seccomp_profile_disabled
- docker_container_default_ulimit
- docker_container_healthcheck_instruction
- docker_container_host_devices_exposed
- docker_container_host_ipc_namespace_shared
- docker_container_host_network_namespace_shared
- docker_container_host_process_namespace_shared
- docker_container_host_system_directories_mounted
- docker_container_host_user_namespace_shared
- docker_container_host_uts_namespace_shared
- docker_container_memory_usage_limit
- docker_container_mount_propagation_mode_shared
- docker_container_no_new_privileges
- docker_container_pid_cgroup_limit_used
- docker_container_privileged
- docker_container_restart_policy_on_failure
- docker_container_root_filesystem_mounted
- docker_info_aufs_storage_driver_unused
- docker_info_centralized_and_remote_logging_configured
- docker_info_container_sprawl_avoided
- docker_info_custom_seccomp_profile_applied
- docker_info_insecure_registries_unused
- docker_info_live_restore_enabled
- docker_info_swarm_manager_auto_lock_mode
- docker_info_swarm_minimum_required_manager_nodes
- docker_info_swarm_mode_enabled
- docker_info_swarm_node_cert_expiry_set
- docker_info_user_namespace_support_enabled
- docker_network_traffic_restricted_between_containers
- exec_auditing_configured_containerd_sock
- exec_auditing_configured_docker_daemon
- exec_auditing_configured_docker_service
- exec_auditing_configured_docker_socket
- exec_auditing_configured_etc_containerd_config
- exec_auditing_configured_etc_default_docker
- exec_auditing_configured_etc_docker
- exec_auditing_configured_etc_docker_daemon
- exec_auditing_configured_etc_sysconfig_docker
- exec_auditing_configured_run_containerd
- exec_auditing_configured_usr_bin_containerd
- exec_auditing_configured_usr_bin_containerd_shim
- exec_auditing_configured_usr_bin_containerd_shim_runc_v1
- exec_auditing_configured_usr_bin_containerd_shim_runc_v2
- exec_auditing_configured_usr_bin_runc
- exec_auditing_configured_var_lib_docker
- exec_authorization_docker_client_command_enabled
- exec_base_device_size_changed
- exec_containers_no_new_privilege_disabled
- exec_default_ulimit_configured
- exec_docker_container_non_root_user
- exec_docker_container_trust_enabled
- exec_docker_daemon_run_as_root_user
- exec_docker_exec_command_no_privilege_option
- exec_docker_exec_command_no_user_root_option
- exec_docker_iptables_not_set
- exec_docker_socket_not_mounted_inside_containers
- exec_logging_level_set_to_info
- exec_ownership_root_docker_socket
- exec_ownership_root_root_daemon_json
- exec_ownership_root_root_docker_containerd_socket
- exec_ownership_root_root_docker_server_certificate
- exec_ownership_root_root_docker_server_certificate_key
- exec_ownership_root_root_docker_service
- exec_ownership_root_root_docker_socket
- exec_ownership_root_root_etc_default_docker
- exec_ownership_root_root_etc_docker
- exec_ownership_root_root_etc_sysconfig_docker
- exec_ownership_root_root_registry_certificate
- exec_ownership_root_root_tls_ca_certificate
- exec_permissions_400_docker_server_certificate_key
- exec_permissions_444_docker_server_certificate
- exec_permissions_444_registry_certificate
- exec_permissions_444_tls_ca_certificate
- exec_permissions_600_docker_containerd_socket
- exec_permissions_644_daemon_json
- exec_permissions_644_docker_service
- exec_permissions_644_docker_socket
- exec_permissions_644_etc_default_docker
- exec_permissions_644_etc_sysconfig_docker
- exec_permissions_660_docker_sock
- exec_permissions_755_etc_docker
- exec_separate_partition_for_containers_created
- exec_swarm_services_bound_to_specific_host_interface
- exec_tls_authentication_docker_daemon_configured
- exec_userland_proxy_disabled