STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP).

DISA Rule

SV-235832r695335_rule

Vulnerability Number

V-235832

Group Title

SRG-APP-000357

Rule Version

DKER-EE-003310

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

This fix only applies to the Docker Engine - Enterprise component of Docker Enterprise.

via CLI:

Linux: Execute the following commands as a trusted user on the host operating system:

Open "/etc/docker/daemon.json" for editing. If the file doesn't exist, it must be created.

Set the "log-opts" object and its "max-size" and "max-file" properties according to values defined in the SSP.

Save the file. Restart the Docker daemon.

Check Contents

This check only applies to the Docker Engine - Enterprise component of Docker Enterprise.

via CLI:

Linux: Execute the following commands as a trusted user on the host operating system:

cat /etc/docker/daemon.json

Verify that the "log-opts" object includes the "max-size" and "max-file" properties and that they are set according to requirements specified in the SSP. If they are not configured according to values defined in the SSP, this is a finding.
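
The check above, automated as an added example (not part of the STIG text or of Docker's own tooling): it parses the content of daemon.json and lists every deviation from the SSP values, including values left unquoted, since dockerd expects "log-opts" values as JSON strings. The SSP values "10m" and "3", the function names and the sample content are assumptions made for illustration.

```python
import json
import re
import sys

# Assumed SSP values for illustration only; substitute the ones from your SSP.
SSP_MAX_SIZE = "10m"
SSP_MAX_FILE = "3"
UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

# Constructed sample of a daemon.json that meets the assumed SSP values.
SAMPLE = '{"log-driver": "json-file", "log-opts": {"max-size": "10m", "max-file": "3"}}'

def size_to_bytes(value):
    """Convert a max-size string such as "10m" to bytes; None if malformed."""
    m = re.fullmatch(r"(\d+)([kmg]?)", str(value).strip().lower())
    return int(m.group(1)) * UNITS[m.group(2)] if m else None

def check_log_opts(text, ssp_size=SSP_MAX_SIZE, ssp_files=SSP_MAX_FILE):
    """Return findings for daemon.json content; an empty list means no finding."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"daemon.json is not valid JSON: {exc}"]
    if not isinstance(cfg, dict):
        return ["daemon.json top level is not a JSON object"]
    findings = []
    # The rule addresses the json-file driver, which is Docker's default.
    if cfg.get("log-driver", "json-file") != "json-file":
        findings.append(f'"log-driver" is {cfg["log-driver"]!r}, review manually')
    opts = cfg.get("log-opts")
    if not isinstance(opts, dict):
        return findings + ['"log-opts" object is missing']
    size, files = opts.get("max-size"), opts.get("max-file")
    for key, val in (("max-size", size), ("max-file", files)):
        if val is None:
            findings.append(f'"{key}" is not set in "log-opts"')
        elif not isinstance(val, str):
            # dockerd requires log-opts values to be JSON strings, even numbers.
            findings.append(f'"{key}" must be a quoted string, got {val!r}')
    if isinstance(size, str) and size_to_bytes(size) != size_to_bytes(ssp_size):
        findings.append(f'"max-size" is {size!r}, SSP requires {ssp_size!r}')
    if isinstance(files, str) and not (files.isdigit() and int(files) == int(ssp_files)):
        findings.append(f'"max-file" is {files!r}, SSP requires {ssp_files!r}')
    return findings

if __name__ == "__main__":
    # Checks the file named on the command line, else the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_log_opts(text)) or "not a finding")
```

Run it with /etc/docker/daemon.json as the argument; sizes are compared in bytes, so "10240k" satisfies an SSP value of "10m".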

Documentable

False

Check Content Reference

M

Target Key

5281
