Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-docker-compliance
Overview
1Dashboards
88Benchmarks
88Queries
2Variables
GitHub

Control: 2.1 Run the Docker daemon as a non-root user, if possible

Description

Rootless mode executes the Docker daemon and containers inside a user namespace, with both the daemon and the container are running without root privileges. Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container runtime

Remediation

Follow the current Docker documentation on how to install the Docker daemon as a non-root user

Default Value

The Docker daemon is running as the root user by default.

Usage

Run the control in your terminal:

powerpipe control run docker_compliance.control.cis_v160_2_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run docker_compliance.control.cis_v160_2_1 --share

SQL

This control uses a named query:

with hostname as (
  select
    btrim(stdout_output, E' \n\r\t') as host,
    _ctx ->> 'connection_name' as host_conn,
    _ctx
  from
    exec_command
  where
    command = 'hostname'
),


 command_output as (
  select
    stdout_output,
     _ctx ->> 'connection_name' as conn
  from
    exec_command
  where
    command = 'ps -ef | grep dockerd'
)
select
  host as resource,
  case
    when o.stdout_output like '%root%' then 'alarm'
    else 'ok'
  end as status,
  case
    when o.stdout_output like '%root%' then host || ' Docker daemon is running as root user.'
    else host || ' Docker daemon is not running as root user.'
  end as reason
  , h._ctx ->> 'connection_name' as connection_name
from
  hostname as h,
  command_output as o
where
  o.conn = h.host_conn;

Tags

category = Compliance
cis = true
cis_item_id = 2.1
cis_level = 2
cis_section_id = 2
cis_type = manual
cis_version = v1.6.0
plugin = docker
service = Docker