Docker Bench for Security for Docker Daemon

Maciej
May 11, 2021

Introduction

Continuing from the previous post about Docker Bench for Security, this time we secure the Docker daemon.

Result of Docker Bench for Security

Let’s start

🚨 2.1 — Ensure network traffic is restricted between containers on the default bridge

  • Edit file /lib/systemd/system/docker.service
  • Change ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock to ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --config-file=/etc/docker/daemon.json
  • Create the file /etc/docker/daemon.json with the content below
root@vagrant:/home/vagrant# cat /etc/docker/daemon.json
{
"icc": false
}
  • Reload the systemd configuration and restart the Docker service
root@vagrant:/home/vagrant# systemctl daemon-reload
root@vagrant:/home/vagrant# systemctl restart…
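
The steps above as an added example, not code from the original post: a Python sketch that merges "icc": false into an existing daemon.json without dropping other keys, flags settings given both on the ExecStart line and in daemon.json (dockerd refuses to start when a directive appears in both), and reads `docker network inspect bridge` output to confirm that check 2.1 is satisfied. The function names and sample inputs are constructed for illustration, and the conflict check only compares same-named long flags.

```python
import json
import shlex

ICC_OPTION = "com.docker.network.bridge.enable_icc"

# Constructed samples, not output captured from a real host.
SAMPLE_EXISTING = '{"log-driver": "json-file"}'
SAMPLE_EXEC_START = (
    "ExecStart=/usr/bin/dockerd -H fd:// "
    "--containerd=/run/containerd/containerd.sock "
    "--config-file=/etc/docker/daemon.json"
)
SAMPLE_INSPECT = '[{"Name": "bridge", "Options": {"%s": "false"}}]' % ICC_OPTION


def merge_icc(existing_text):
    """Return daemon.json text with "icc": false set, keeping any other keys."""
    config = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    config["icc"] = False
    return json.dumps(config, indent=2) + "\n"


def flag_conflicts(exec_start, config_text):
    """Keys set both as a long dockerd flag and in daemon.json (simplified check)."""
    keys = set(json.loads(config_text))
    flags = set()
    for arg in shlex.split(exec_start)[1:]:  # skip the dockerd binary itself
        if arg.startswith("--"):
            flags.add(arg[2:].split("=", 1)[0])
    return sorted(keys & flags)


def icc_disabled(inspect_text):
    """True if the default bridge reports inter-container communication off."""
    for net in json.loads(inspect_text):
        if net.get("Name") == "bridge":
            value = net.get("Options", {}).get(ICC_OPTION, "true")
            return str(value).lower() == "false"
    raise LookupError("default bridge network not found")


if __name__ == "__main__":
    merged = merge_icc(SAMPLE_EXISTING)
    print(merged)
    print("conflicts:", flag_conflicts(SAMPLE_EXEC_START, merged))
    print("icc disabled:", icc_disabled(SAMPLE_INSPECT))
```

On a real host, pass the contents of /etc/docker/daemon.json, the ExecStart line from the unit file, and the output of `docker network inspect bridge` in place of the samples.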
