Docker Enterprise exec commands must not be used with privileged option.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-95661	DKER-EE-002080	SV-104799r2_rule		High

Description
Do not use docker exec with --privileged option. Using --privileged option in docker exec gives extended Linux capabilities to the command. Do not run docker exec with the --privileged option, especially when running containers with dropped capabilities or with enhanced restrictions. By default, docker exec command runs without --privileged option.

STIG	Date
Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide	2019-09-13

Details

Check Text ( C-94489r1_chk )
This check only applies to the use of Docker Engine - Enterprise on a Linux host operating system and should be executed on all nodes in a Docker Enterprise cluster. Ensure the default seccomp profile is not disabled, if applicable. via CLI: Linux: As a trusted user on the host operating system, use the below command to filter out docker exec commands that used --privileged option. sudo ausearch -k docker \| grep exec \| grep privileged If there are any in the output, then this is a finding.

Check Text ( C-94489r1_chk )

This check only applies to the use of Docker Engine - Enterprise on a Linux host operating system and should be executed on all nodes in a Docker Enterprise cluster.

Ensure the default seccomp profile is not disabled, if applicable.

via CLI:

Linux: As a trusted user on the host operating system, use the below command to filter out docker exec commands that used --privileged option.

sudo ausearch -k docker | grep exec | grep privileged

If there are any in the output, then this is a finding.

Fix Text (F-101327r1_fix)
This fix only applies to the use of Docker Engine - Enterprise on a Linux host operating system. Do not use --privileged option in docker exec command. A reference for the docker exec command can be found at https://docs.docker.com/engine/reference/commandline/exec/.