Classification: compliance
Framework: cis-docker
Control: 2.3
Set up the docker integration.
The iptables firewall is used to set up, maintain, and inspect the tables of IP packet filter rules within the Linux kernel. The Docker daemon should be allowed to make changes to the iptables ruleset.
Docker will not make changes to your system iptables rules unless you allow it to do so. If you do allow this, Docker server will automatically make any required changes. You should let Docker make changes to iptables automatically in order to avoid networking misconfigurations that could affect the communication between containers and with the outside world. Additionally, this reduces the administrative overhead of updating iptables every time you add containers or modify networking options.
To confirm that the Docker daemon is allowed to change the iptables ruleset, review the dockerd startup options and the settings in /etc/docker/daemon.json. To review the dockerd startup options, run:
ps -ef | grep dockerd
Ensure that the --iptables parameter is either not present or not set to false. Also review the /etc/docker/daemon.json file to check that the iptables setting is not set to false.
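The audit above as a script, added here as an example and not part of the original rule text: it flags a dockerd command line or daemon.json content that disables iptables. The function names are hypothetical, the sample inputs are constructed, and the extra false spellings (0, f, F, FALSE, False) are the ones Go's boolean parsing accepts.

```shell
#!/bin/sh
# Added example for the CIS Docker 2.3 audit; function names are hypothetical.

# Succeeds (exit 0) when a dockerd command line disables iptables.
# Besides "false", it matches the other spellings Go's boolean parsing
# treats as false. --ip6tables and --iptables=true do not match.
cmdline_disables_iptables() {
    printf '%s\n' "$1" | grep -Eq -e \
        '(^|[[:space:]])--iptables=(false|False|FALSE|0|f|F)([[:space:]]|$)'
}

# Succeeds (exit 0) when daemon.json content sets "iptables": false.
# Whitespace is stripped so formatting cannot hide the setting; the
# leading quote keeps "ip6tables" from matching.
json_disables_iptables() {
    printf '%s' "$1" | tr -d '[:space:]' | grep -q '"iptables":false'
}

# $1 = dockerd command line(s), $2 = daemon.json content.
# Prints a verdict and returns 0 only when both sources are compliant.
audit_iptables() {
    rc=0
    if cmdline_disables_iptables "$1"; then
        echo "FAIL: dockerd was started with --iptables disabled"; rc=1
    fi
    if json_disables_iptables "$2"; then
        echo "FAIL: daemon.json sets iptables to false"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "PASS: Docker may manage iptables"; fi
    return "$rc"
}

if [ "${1:-}" = "live" ]; then
    # On a Docker host: read the real process list and config file.
    audit_iptables "$(ps -eo args | grep '[d]ockerd')" \
                   "$(cat /etc/docker/daemon.json 2>/dev/null)"
else
    # Constructed sample inputs, not taken from a real host.
    audit_iptables "/usr/bin/dockerd -H fd:// --iptables=false" '{}' || true
    audit_iptables "/usr/bin/dockerd -H fd://" '{ "ip6tables": false }'
fi
```

Run it with the argument live on a Docker host to check the running daemon and /etc/docker/daemon.json; the exit status is non-zero when either source disables iptables.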
Do not run the Docker daemon with the --iptables=false parameter.
The Docker daemon service requires iptables rules to be enabled before it starts. Any restarts of iptables during Docker daemon operation may result in losing Docker-created rules. Adding iptables-persistent to your iptables install can mitigate this.
By default, iptables is set to true.
Version 6.5 Controlled Use of Administration Privileges