Dockerdevops~30 mins

Security benchmarks (CIS Docker) - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Security Benchmarks with CIS Docker

📖 Scenario: You are a DevOps engineer responsible for improving the security of Docker containers in your company. You want to apply CIS Docker Benchmarks to check your Docker setup against best security practices.

🎯 Goal: Build a simple Docker environment and run CIS Docker Benchmarks to identify security issues.

📋 What You'll Learn

Create a Docker container running a basic web server

Add a configuration variable to specify the container name

Run the CIS Docker Benchmarks tool on the container

Display the benchmark results in the console

💡 Why This Matters

🌍 Real World

Docker containers are widely used in software deployment. Ensuring their security with CIS Benchmarks helps prevent vulnerabilities and attacks.

💼 Career

DevOps engineers and security professionals use CIS Docker Benchmarks to audit and improve container security in production environments.

Progress0 / 4 steps

Create a Docker container running nginx

Write a Docker command to run an nginx container named webserver in detached mode.

Docker

# Run the nginx container named webserver in detached mode
# Your code here

Need a hint?

Use docker run -d --name webserver nginx to start the container in the background.

Add a variable for container name

Create a shell variable called CONTAINER_NAME and set it to webserver.

Docker

docker run -d --name webserver nginx
# Create a variable CONTAINER_NAME with value webserver
# Your code here

Need a hint?

Use CONTAINER_NAME=webserver to create the variable.

Run CIS Docker Benchmarks on the container

Run the CIS Docker Benchmarks using the docker run command with the official docker/docker-bench-security image.

Docker

docker run -d --name webserver nginx
CONTAINER_NAME=webserver
# Run CIS Docker Benchmarks targeting $CONTAINER_NAME
# Your code here

Need a hint?

Use the official docker/docker-bench-security image with required volumes and flags.

Display the CIS Docker Benchmarks results

Print the output of the CIS Docker Benchmarks command to the console so you can see the security check results.

Docker

docker run -d --name webserver nginx
CONTAINER_NAME=webserver
docker run -it --net host --pid host --cap-add audit_control \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /usr/lib/systemd:/usr/lib/systemd \
  -v /etc:/etc \
  docker/docker-bench-security
# The command above already prints results to console
# Your code here if needed

Need a hint?

The docker/docker-bench-security container prints results directly to the console.