CIS Docker Benchmark v1.7.0

grep '/var/lib/docker\s' /proc/mounts 

mountpoint -- "$(docker info -f '{{ .DockerRootDir }}')" 

getent group docker 

auditctl -l | grep /usr/bin/dockerd 

-w /usr/bin/dockerd -k docker 

systemctl restart auditd 

auditctl -l | grep /run/containerd 

-a exit,always -F path=/run/containerd -F perm=war -k docker 

systemctl restart auditd

auditctl -l | grep /var/lib/docker 

-a exit,always -F path=/var/lib/docker -F perm=war -k docker 
-a exit,never -F dir=/var/lib/docker/volumes 
-a exit,never -F dir=/var/lib/docker/overlay2 

-a exit,always -F path=/var/lib/docker -F perm=war -k docker 
-a exit,never -F dir=/var/lib/docker/165536.165536/volumes 
-a exit,never -F dir=/var/lib/docker/165536.165536/overlay2 

systemctl restart auditd 

auditctl -l | grep /etc/docker 

-w /etc/docker -k docker 

systemctl restart auditd 

systemctl show -p FragmentPath docker.service 

auditctl -l | grep docker.service 

-w /usr/lib/systemd/system/docker.service -k docker 

systemctl restart auditd 

grep 'containerd.sock' /etc/containerd/config.toml 

auditctl -l | grep containerd.sock 

-w /run/containerd/containerd.sock -k docker 

systemctl restart auditd 

systemctl show -p FragmentPath docker.sock 

grep ListenStream <FragmentPath from previous step>

auditctl -l | grep docker.sock 

-w /var/run/docker.sock -k docker

systemctl restart auditd 

auditctl -l | grep /etc/default/docker 

 -w /etc/default/docker -k docker 

systemctl restart auditd 

auditctl -l | grep /etc/docker/daemon.json 

-w /etc/docker/daemon.json -k docker 

systemctl restart auditd 

auditctl -l | grep /etc/containerd/config.toml 

-w /etc/containerd/config.toml -k docker 

systemctl restart auditd 

auditctl -l | grep /etc/sysconfig/docker 

-w /etc/sysconfig/docker -k docker 

systemctl restart auditd 

auditctl -l | grep /usr/bin/containerd 

-w /usr/bin/containerd -k docker 

systemctl restart auditd 

auditctl -l | grep /usr/bin/containerd-shim 

-w /usr/bin/containerd-shim -k docker 

systemctl restart auditd 

auditctl -l | grep /usr/bin/containerd-shim-runc-v1 

-w /usr/bin/containerd-shim-runc-v1 -k docker 

systemctl restart auditd 

auditctl -l | grep /usr/bin/containerd-shim-runc-v2 

-w /usr/bin/containerd-shim-runc-v2 -k docker 

systemctl restart auditd 

auditctl -l | grep /usr/bin/runc 

-w /usr/bin/runc -k docker 

systemctl restart auditd

docker version