fix: Update ID for Docker CIS-1.3.1 Benchmarks (#123)

1. Have updated the id for docker cis-1.3.1 controls such that the docker-bench report populates the correct docker-bench community edition 2. Have updated the few checks title as per the documentation
aquasecurity · Mar 22, 2024 · a493aa3 · a493aa3
1 parent 0bb4f0c
commit a493aa3
Showing 1 changed file with 16 additions and 9 deletions.
diff --git a/cfg/cis-1.3.1/definitions.yaml b/cfg/cis-1.3.1/definitions.yaml
@@ -1,6 +1,6 @@
 ---
 controls:
-id: "20.04"
+id: "20.10"
 description: "CIS Docker Community Edition Benchmark"
 groups:
 - id: 1
@@ -22,6 +22,7 @@ groups:
       you should use the Logical Volume Manager (LVM)
       within Linux to create a new partition.
     scored: true
+
   - id: 1.1.2
     description: "Ensure only trusted users are allowed to control Docker daemon (Automated)"
     audit: "getent group docker"
@@ -322,6 +323,7 @@ groups:
       If you have other security guidelines or regulatory requirements 
       to adhere to, please follow them as suitable in your environment. 
     scored: false
+
   - id: 1.2.2
     description: "Ensure that the version of Docker is up to date (Manual)"  
     type: manual
@@ -472,7 +474,7 @@ groups:
     scored: true
 
   - id: 2.8
-    description: "Ensure the default ulimit is configured appropriately (Manual))"
+    description: "Ensure the default ulimit is configured appropriately (Manual)"
     audit: "ps -ef | grep dockerd"
     type: manual
     tests:
@@ -690,7 +692,7 @@ groups:
   description: "Docker daemon configuration files"
   checks:
   - id: 3.1
-    description: "Ensure that docker.service file ownership is set to root:root (Automated)"
+    description: "Ensure that the docker.service file ownership is set to root:root (Automated)"
     audit: systemctl show -p FragmentPath docker.service | cut -d= -f2 | xargs stat -c "%N %U:%G"
     tests:
       test_items:
@@ -763,7 +765,7 @@ groups:
     scored: true
 
   - id: 3.5
-    description: "Ensure that /etc/docker directory ownership is set to root:root (Automated)"
+    description: "Ensure that the /etc/docker directory ownership is set to root:root (Automated)"
     audit: stat -c "%N %U:%G" /etc/docker
     tests:
       test_items:
@@ -852,7 +854,7 @@ groups:
     scored: true
 
   - id: 3.12
-    description: "Ensure that Docker server certificate file permissions are set to 444 or more restrictive (Automated)"
+    description: "Ensure that the Docker server certificate file permissions are set to 444 or more restrictive (Automated)"
     type: manual
     remediation: |
       You should execute the command below:
@@ -861,7 +863,7 @@ groups:
     scored: true
 
   - id: 3.13
-    description: "Ensure that Docker server certificate key file ownership is set to root:root (Automated)"
+    description: "Ensure that the Docker server certificate key file ownership is set to root:root (Automated)"
     type: manual
     remediation: |
       You should execute the following command:
@@ -880,7 +882,7 @@ groups:
     scored: true
 
   - id: 3.15
-    description: "Ensure that Docker socket file ownership is set to root:docker (Automated)"
+    description: "Ensure that the Docker socket file ownership is set to root:docker (Automated)"
     audit: stat -c "%N %U:%G" /var/run/docker.sock
     tests:
       test_items:
@@ -894,7 +896,7 @@ groups:
     scored: true
 
   - id: 3.16
-    description: "Ensure that Docker socket file permissions are set to 660 or more restrictive (Automated)"
+    description: "Ensure that the Docker socket file permissions are set to 660 or more restrictive (Automated)"
     audit: stat -c "%N permissions=%a" /var/run/docker.sock
     tests:
       test_items:
@@ -910,7 +912,7 @@ groups:
     scored: true
 
   - id: 3.17
-    description: "Ensure that daemon.json file ownership is set to root:root (Automated)"
+    description: "Ensure that the daemon.json file ownership is set to root:root (Automated)"
     audit: stat -c "%N %U:%G" $docker-config-file
     tests:
       test_items:
@@ -950,6 +952,7 @@ groups:
       chown root:root /etc/default/docker
       This sets the ownership and group-ownership for the file to root.
     scored: true
+
   - id: 3.20
     description: "Ensure that /etc/sysconfig/docker file permissions are set to 644 or more restrictive (Automated)"
     audit: stat -c "%N permissions=%a" /etc/sysconfig/docker
@@ -965,6 +968,7 @@ groups:
       chmod 644 /etc/sysconfig/docker
       This sets the file permissions for this file to 644.
     scored: true
+
   - id: 3.21
     description: "Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Automated)"
     audit: stat -c "%N %U:%G" /etc/sysconfig/docker
@@ -977,6 +981,7 @@ groups:
       chown root:root /etc/sysconfig/docker
       This  sets the ownership and group-ownership for the file to root .
     scored: true
+
   - id: 3.22
     description: "Ensure that /etc/default/docker file permissions are set to 644 or more restrictive (Automated)"
     audit: stat -c "%N permissions=%a" /etc/default/docker
@@ -992,6 +997,7 @@ groups:
       chmod 644 /etc/default/docker
       This sets the file permissions for this file to 644.
     scored: true
+
   - id: 3.23
     description: "Ensure that the Containerd socket file ownershi is set to root:root (Automated)"
     audit: stat -c "%N %U:%G" /run/containerd/containerd.sock
@@ -1004,6 +1010,7 @@ groups:
       chown root:root /run/containerd/containerd.sock
       This sets the ownership to root and group ownership to root for the default Containerd socket file.
     scored: true
+
   - id: 3.24
     description: "Ensure that the Containerd socket file permissions are set to 660 or more restrictive (Automated)"
     audit: stat -c "%N permissions=%a" /run/containerd/containerd.sock