
Hardening your Docker hosts


Azure Security Center identifies unmanaged containers hosted on IaaS Linux VMs, or on other Linux machines running Docker containers. Security Center continuously assesses the configuration of these containers and compares it with the Center for Internet Security (CIS) Docker benchmark.

Security Center includes the entire rule set of the CIS Docker benchmark and alerts you as soon as your containers fail any of its controls. When misconfigurations are found, Security Center generates security recommendations. Use the Security Center recommendations page to view the recommendations and remediate the issues.

When security risks are found, they are grouped into a single recommendation.
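To illustrate the kind of daemon-level controls that the benchmark comparison covers, here is a small added checker; it is not Security Center's own rule logic or Microsoft code. It evaluates a constructed /etc/docker/daemon.json against a handful of daemon-configuration items from the CIS Docker Benchmark; the sample file contents and the control names are assumptions, and the real benchmark and Security Center's rule set cover far more than these.

```python
from __future__ import annotations
import json

# Constructed sample of /etc/docker/daemon.json with several weak settings
# (not taken from any real host).
WEAK_DAEMON_JSON = """{
  "icc": true,
  "log-level": "debug",
  "live-restore": false,
  "userland-proxy": true,
  "insecure-registries": ["registry.example.internal:5000"],
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

# The same file after remediation (certificate paths are placeholders).
HARDENED_DAEMON_JSON = """{
  "icc": false,
  "log-level": "info",
  "live-restore": true,
  "userland-proxy": false,
  "userns-remap": "default",
  "no-new-privileges": true,
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

def evaluate(cfg: dict) -> list[tuple[str, bool]]:
    """Evaluate daemon-level settings; each entry is (control name, passed).
    When a key is absent, the fallback mirrors dockerd's own default."""
    tcp = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    return [
        ("inter-container traffic restricted", cfg.get("icc", True) is False),
        ("log level is info", cfg.get("log-level", "info") == "info"),
        ("no insecure registries", not cfg.get("insecure-registries")),
        ("TLS required on TCP listeners", not tcp or cfg.get("tlsverify") is True),
        ("user namespace remapping enabled", bool(cfg.get("userns-remap"))),
        ("live restore enabled", cfg.get("live-restore") is True),
        ("userland proxy disabled", cfg.get("userland-proxy", True) is False),
        ("new privileges blocked by default", cfg.get("no-new-privileges") is True),
        ("experimental features disabled", cfg.get("experimental", False) is False),
    ]

def failed_controls(daemon_json: str) -> list[str]:
    """Parse a daemon.json document and return the names of the failed controls."""
    return [name for name, ok in evaluate(json.loads(daemon_json)) if not ok]

if __name__ == "__main__":
    for name in failed_controls(WEAK_DAEMON_JSON):
        print("FAIL:", name)
```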

Note

These CIS benchmarks cannot be run on AKS or Databricks managed VMs.

Availability

Aspect                           Details
Release status:                  General availability (GA)
Pricing:                         Requires Azure Defender for Server
Required roles and permissions:  Reader on the workspace to which the host is connected
Clouds:                          Commercial clouds; National/Sovereign (US Gov, China Gov, other Gov)

Identify and fix security risks in the Docker configuration

  1. From the Security Center menu, open the Recommendations page.

  2. Filter on the recommendation "Security risks in container security configurations should be addressed" and select it.

    The affected resources (Docker hosts) are displayed on the recommendation page.

  3. To view and remediate the CIS controls that a particular host has failed, select the host you want to investigate.

    Tip

    If you started on the asset inventory page and reached this recommendation from there, select the Take action button on the recommendation page.

    Log Analytics opens with a custom query that is ready to run. The default query lists all of the failed rules that were evaluated, together with guidance on how to resolve the issues.

  4. Adjust the query parameters if necessary.

  5. When you are sure the command is appropriate and ready for your host, select Run.

Next Steps

Docker hardening is just one aspect of Security Center's container security features.

Learn more about container security in Security Center.