- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
",t};e.buildCustomizationMenuUi=t;function n(e){let t='
",t}function s(e){let n=e.filter.currentValue||e.filter.defaultValue,t='${e.filter.label}
`,e.filter.options.forEach(s=>{let o=s.id===n;t+=``}),t+="${e.filter.label}
`,t+=`Classification:
compliance
Framework:
cis-docker
Control:
5.5
Set up the docker integration.
You should not allow sensitive host system directories such as those listed below to be mounted as container volumes, especially in read-write mode. /
/boot
/dev
/etc
/lib
/proc
/sys
/usr
If sensitive directories are mounted in read-write mode, it is possible to make changes to files within them. This has obvious security implications and should be avoided.
Run this command: docker ps --quiet --all | xargs docker inspect --format '{{ .Id }}: Volumes={{ .Mounts }}'
This command returns a list of currently mapped directories and indicates whether they are mounted in read-write mode for each container instance.
Do not mount directories which are security sensitive on the host within containers, especially in read-write mode.
None
Docker defaults to using a read-write volume but you can also mount a directory read-only. By default, no sensitive host directories are mounted within containers.
Version 6
14 Controlled Access Based on the Need to Know Controlled Access Based on the Need to Know