-
Epic
-
Resolution: Unresolved
-
Medium
-
None
-
Containers configured per secure recommendation
-
3
The Integration team must implement the following configurations specified in CIS Docker Benchmark v1.2.0 in the Docker environment.
- Recommendations 1.2.1 – 1.2.12 in Section 1.2 Linux Hosts Specific Configuration in the Docker environment.
- Recommendations 2.1 – 2.17 in Section 2 Docker daemon configuration in the Docker environment.
- Recommendations 3.1 – 3.22 In Section 3 Docker daemon configuration files in the Docker environment.
Each project team must configure the build and run time Docker images in compliance with the following CIS Docker Benchmark v1.2.0 recommendations.
- Recommendations 4.1 – 4.4, 4.6, 4.7, 4.9 – 4.10 in Section 4 Container Images and Build File Configuration (all Level 1 requirements)
- Recommendations 5.1, 5.3 – 5.17 in Section 5 Container Runtime Configuration (about half of the Level 1 requirements)
It is recommended that each project team implement all of the Level 1 recommendations in Section 5 of the CIS Docker Benchmark v1.2.0.
Notes: The project has to make sure that the containers they build will run in an environment that implements the controls specified in sections 4 and 5.
5.1: Ensure that, if applicable, an AppArmor Profile is enabled
- Test that your container runs properly on a host that has AppArmor installed with the default Container profile enabled
5.3: Ensure that Linux kernel capabilities are restricted within containers
- Ideally, your containers should run with the default Docker restrictions in place. If your container needs additional linux kernel capabilities, these must be documented in the release notes
5.17: Ensure that host devices are not directly exposed to containers
- Specifically containers must be started with the ability to create a device file (mknod) disabled
CSI Docker Benchmark v.1.2.0 attached for implementation and testing instructions.
- clones
-
REQ-1
ONAP Requirement Template
-
- To Do
-
-
REQ-537
Long-term IPv4/IPv6 dual stack networking support
-
- Done
-
- is blocked by
-
POLICY-2328
Containers configured per secure recommendations
-
- Closed
-
-
AAI-2798 Secure containers per SECCOM REQ-215
-
- Closed
-
-
SO-2519
TSC must have for Frankfurt
-
- Closed
-
-
-
- Closed
-
- is cloned by
-
APPC-1829
Containers configured per secure recommendation - Clone from REQ-215
-
- Closed
-
-
CCSDK-2033
Containers configured per secure recommendation
-
- Closed
-
-
DCAEGEN2-2035
Containers configured per secure recommendation
-
- Closed
-
-
DMAAP-1380
Containers configured per secure recommendation
-
- Closed
-
-
MODELING-294
Containers configured per secure recommendation
-
- Closed
-
-
-
- Closed
-
-
PORTAL-832
Containers configured per secure recommendations
-
- Closed
-
-
SDNC-1018
Containers configured per secure recommendation
-
- Closed
-
-
VNFSDK-535
Containers configured per secure recommendation
-
- Closed
-
- relates to
-
CLAMP-625
CLAMP containers configured per secure recommendation
-
- Closed
-
-
MODELING-294
Containers configured per secure recommendation
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
AAI-2822
Containers should not run by default as root
-
- Closed
-
-
AAI-2172
Change to use non-root user for containers
-
- Closed
-
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-