Introduction
Continuing from the previous post about Docker Bench for Security, this time we secure the Docker daemon.
Result of Docker Bench for Security
Let’s start
🚨 2.1 — Ensure network traffic is restricted between containers on the default bridge
- Edit file
/lib/systemd/system/docker.service
- Change
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
to
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --config-file=/etc/docker/daemon.json
- Create file
/etc/docker/daemon.json
with the following content:
root@vagrant:/home/vagrant# cat /etc/docker/daemon.json
{
"icc": false
}
- Reload daemon and restart docker service
root@vagrant:/home/vagrant# systemctl daemon-reload
root@vagrant:/home/vagrant# systemctl restart…
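To confirm the change took effect after the restart, check both the config file and the running default bridge, since a mismatch means the daemon did not pick up the file. This is an added example, not code from the original post; the function names are hypothetical and the sample options string is constructed.

```bash
#!/usr/bin/env bash
# Added example: verify check 2.1 (inter-container communication disabled).
# Function names are hypothetical; they are not part of Docker Bench for Security.

# Succeeds only if the daemon config file sets "icc" to false.
# Assumes "icc" is a top-level key, as in the daemon.json shown above.
icc_disabled_in_config() {
    grep -Eq '"icc"[[:space:]]*:[[:space:]]*false[[:space:]]*([,}]|$)' "$1"
}

# Succeeds only if the bridge options string, as printed by
#   docker network inspect bridge --format '{{ .Options }}'
# reports enable_icc as false.
bridge_icc_disabled() {
    case "$1" in
        *com.docker.network.bridge.enable_icc:false*) return 0 ;;
        *) return 1 ;;
    esac
}

# Full audit on a live host: config file first, then the running network.
# Not called automatically, because it needs a running Docker daemon.
audit_icc() {
    cfg=${1:-/etc/docker/daemon.json}
    if ! icc_disabled_in_config "$cfg"; then
        echo "FAIL: $cfg does not set \"icc\": false"
        return 1
    fi
    opts=$(docker network inspect bridge --format '{{ .Options }}') || return 2
    if ! bridge_icc_disabled "$opts"; then
        echo "FAIL: config is set, but the running bridge still allows ICC"
        return 1
    fi
    echo "PASS: 2.1 inter-container traffic is restricted on the default bridge"
}

# Constructed sample of the options string (not captured from a real host).
SAMPLE_OPTS='map[com.docker.network.bridge.default_bridge:true com.docker.network.bridge.enable_icc:false com.docker.network.bridge.name:docker0]'
bridge_icc_disabled "$SAMPLE_OPTS" && echo "sample bridge options: ICC disabled"
```

On the host, run `audit_icc` as root after restarting the service; a config-file pass combined with a bridge failure usually means the service was not restarted or the unit file change was not reloaded.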