-
Epic
-
Resolution: Unresolved
-
Medium
-
None
-
Containers configured per secure recommendation
-
3
The Integration team must implement the following configurations specified in CIS Docker Benchmark v1.2.0 in the Docker environment.
- Recommendations 1.2.1 – 1.2.12 in Section 1.2 Linux Hosts Specific Configuration in the Docker environment.
- Recommendations 2.1 – 2.17 in Section 2 Docker daemon configuration in the Docker environment.
- Recommendations 3.1 – 3.22 in Section 3 Docker daemon configuration files in the Docker environment.
Each project team must configure the build and run time Docker images in compliance with the following CIS Docker Benchmark v1.2.0 recommendations.
- Recommendations 4.1 – 4.4, 4.6, 4.7, 4.9 – 4.10 in Section 4 Container Images and Build File Configuration (all Level 1 requirements)
- Recommendations 5.1, 5.3 – 5.17 in Section 5 Container Runtime Configuration (about half of the Level 1 requirements)
It is recommended that each project team implement all of the Level 1 recommendations in Section 5 of the CIS Docker Benchmark v1.2.0.
Notes: The project has to make sure that the containers they build will run in an environment that implements the controls specified in sections 4 and 5.
5.1: Ensure that, if applicable, an AppArmor Profile is enabled
- Test that your container runs properly on a host that has AppArmor installed with the default container profile enabled.
5.3: Ensure that Linux kernel capabilities are restricted within containers
- Ideally, your containers should run with the default Docker restrictions in place. If your container needs additional Linux kernel capabilities, these must be documented in the release notes.
5.17: Ensure that host devices are not directly exposed to containers
- Specifically, containers must be started with the ability to create a device file (mknod) disabled.
CIS Docker Benchmark v1.2.0 attached for implementation and testing instructions.
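One way to check the three runtime notes above (5.1, 5.3, 5.17) against `docker inspect` output, as an added example that is not part of the original ticket or the CIS Benchmark's own audit procedure. The container names and sample records are constructed, and `mknod_allowed` is an assumed model of how Docker combines its default capability set with `CapAdd` and `CapDrop`.

```python
# Added example: audit `docker inspect` JSON against the three runtime notes.
SAMPLE_INSPECT = [  # constructed data for two hypothetical containers
    {"Name": "/hardened-app", "AppArmorProfile": "docker-default",
     "HostConfig": {"Privileged": False, "CapAdd": None,
                    "CapDrop": ["MKNOD"], "Devices": []}},
    {"Name": "/legacy-app", "AppArmorProfile": "unconfined",
     "HostConfig": {"Privileged": False, "CapAdd": ["NET_ADMIN"],
                    "CapDrop": None,
                    "Devices": [{"PathOnHost": "/dev/sda",
                                 "PathInContainer": "/dev/sda",
                                 "CgroupPermissions": "rwm"}]}},
]


def caps(values):
    """Normalise CapAdd/CapDrop: None -> empty set, 'cap_mknod' -> 'MKNOD'."""
    names = (v.upper() for v in values or [])
    return {n[4:] if n.startswith("CAP_") else n for n in names}


def mknod_allowed(add, drop, privileged):
    """Assumed model of how Docker merges defaults with CapAdd and CapDrop."""
    if privileged:  # privileged containers receive every capability
        return True
    if "ALL" in add:
        return "MKNOD" not in drop
    if "ALL" in drop:
        return "MKNOD" in add
    return "MKNOD" in add or "MKNOD" not in drop  # MKNOD is a Docker default


def audit(container):
    """Return findings for recommendations 5.1, 5.3 and 5.17."""
    host = container.get("HostConfig") or {}
    add, drop = caps(host.get("CapAdd")), caps(host.get("CapDrop"))
    privileged = bool(host.get("Privileged"))
    findings = []
    if (container.get("AppArmorProfile") or "") in ("", "unconfined"):
        findings.append("5.1: no AppArmor profile is applied")
    if privileged or add:
        extra = "all (privileged)" if privileged else ", ".join(sorted(add))
        findings.append("5.3: extra capabilities to document: " + extra)
    devices = [d.get("PathOnHost") for d in host.get("Devices") or []]
    if devices:
        findings.append("5.17: host devices exposed: " + ", ".join(devices))
    if mknod_allowed(add, drop, privileged):
        findings.append("5.17: mknod is not disabled (MKNOD not dropped)")
    return findings


if __name__ == "__main__":
    for c in SAMPLE_INSPECT:
        print(c["Name"], audit(c) or "compliant")
```

To audit a live host, parse the JSON printed by `docker inspect` for the running containers with `json.load` and pass each record to `audit` in place of `SAMPLE_INSPECT`.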
- clones
-
REQ-1 ONAP Requirement Template
- To Do
-
REQ-537 Long-term IPv4/IPv6 dual stack networking support
- Done
- is blocked by
-
POLICY-2328 Containers configured per secure recommendations
- Closed
-
AAI-2798 Secure containers per SECCOM REQ-215
- Closed
-
SO-2519 TSC must have for Frankfurt
- Closed
-
VFC-1624 Containers configured per secure recommendation
- Closed
- is cloned by
-
APPC-1829 Containers configured per secure recommendation - Clone from REQ-215
- Closed
-
CCSDK-2033 Containers configured per secure recommendation
- Closed
-
DCAEGEN2-2035 Containers configured per secure recommendation
- Closed
-
DMAAP-1380 Containers configured per secure recommendation
- Closed
-
MODELING-294 Containers configured per secure recommendation
- Closed
-
MULTICLOUD-976 Containers configured per secure recommendations
- Closed
-
PORTAL-832 Containers configured per secure recommendations
- Closed
-
SDNC-1018 Containers configured per secure recommendation
- Closed
-
VNFSDK-535 Containers configured per secure recommendation
- Closed
- relates to
-
CLAMP-625 CLAMP containers configured per secure recommendation
- Closed
-
MODELING-294 Containers configured per secure recommendation
- Closed
-
OPTFRA-680 Containers configured per secure recommendation
- Closed
-
VID-753 Containers configured per secure recommendation
- Closed
-
VVP-371 Containers configured per secure recommendation
- Closed
-
AAI-2822 Containers should not run by default as root
- Closed
-
AAI-2172 Change to use non-root user for containers
- Closed