STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR).

DISA Rule

SV-235831r627620_rule

Vulnerability Number

V-235831

Group Title

SRG-APP-000343

Rule Version

DKER-EE-003230

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

via CLI:

Linux: As a trusted user on the host operating system, open the /etc/docker/daemon.json file for editing. If the file doesn't exist, it must be created.

Set the "log-driver" property to one of the following: "syslog", "awslogs", "splunk", "gcplogs", "logentries" or "<plugin>" (where <plugin> is the name of a third-party Docker logging driver plugin). Configure the "log-opts" object as required by the selected "log-driver".

Save the file. Restart the docker daemon.

Check Contents

via CLI:

Linux: Execute the following commands as a trusted user on the host operating system:

cat /etc/docker/daemon.json | grep -i log-driver

Verify that the "log-driver" property is set to one of the following: "syslog", "awslogs", "splunk", "gcplogs", "logentries" or "<plugin>" (where <plugin> is the name of a third-party Docker logging driver plugin).

If "log-driver" is not set, then this is a finding.
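
The grep in the check above matches the string "log-driver" anywhere in the file, so it cannot tell a configured driver from an unrelated value that happens to contain those characters. The following Python sketch is an added example, not part of the STIG or of Docker: it parses daemon.json and evaluates the top-level "log-driver" property against the drivers listed above. The approved_plugins parameter, the "review" status and the sample input are assumptions of this example.

```python
import json
import sys

# Drivers named in the check text above.
LISTED_DRIVERS = {"syslog", "awslogs", "splunk", "gcplogs", "logentries"}

# Constructed sample: grep -i log-driver matches this file, yet no driver is set.
SAMPLE_GREP_FALSE_MATCH = '{"labels": ["note=log-driver pending"]}'


def check_log_driver(text, approved_plugins=()):
    """Return (status, detail); status is "pass", "finding" or "review".

    approved_plugins is an assumption of this example: the site's own list of
    third-party logging driver plugin names accepted for the "<plugin>" case.
    """
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        return "finding", f"daemon.json is not valid JSON: {exc.msg}"
    if not isinstance(config, dict):
        return "finding", "daemon.json top level is not a JSON object"
    # Top-level key lookup: the string "log-driver" appearing inside some
    # other value or nested object does not count as a setting.
    driver = config.get("log-driver")
    if not isinstance(driver, str) or not driver.strip():
        return "finding", '"log-driver" is not set'
    opts = config.get("log-opts", {})
    if not isinstance(opts, dict):
        return "finding", '"log-opts" is present but is not an object'
    if driver in LISTED_DRIVERS or driver in approved_plugins:
        return "pass", f'"log-driver" is "{driver}"'
    # Anything else needs a reviewer to confirm it is a logging plugin.
    return "review", f'"{driver}" is not a listed driver or approved plugin'


def check_file(path, approved_plugins=()):
    """Run the check against a daemon.json on disk; a missing file is a finding."""
    try:
        with open(path, encoding="utf-8") as fh:
            return check_log_driver(fh.read(), approved_plugins)
    except FileNotFoundError:
        return "finding", f"{path} does not exist"


if __name__ == "__main__":
    print("sample:", check_log_driver(SAMPLE_GREP_FALSE_MATCH))
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/docker/daemon.json"
    status, detail = check_file(path)
    print(f"{status}: {detail}")
    sys.exit(0 if status == "pass" else 1)
```

The script exits non-zero for both "finding" and "review", so a driver outside the listed set is escalated to a person rather than silently accepted.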

Documentable

False

Severity Override Guidance

via CLI:

Linux: Execute the following commands as a trusted user on the host operating system:

cat /etc/docker/daemon.json | grep -i log-driver

Verify that the "log-driver" property is set to one of the following: "syslog", "awslogs", "splunk", "gcplogs", "logentries" or "<plugin>" (where <plugin> is the name of a third-party Docker logging driver plugin).

If "log-driver" is not set, then this is a finding.

Check Content Reference

M

Target Key

5281
