Azure docker_host_hardening Mappings

Azure Security Center identifies unmanaged containers hosted on IaaS Linux VMs, or other Linux machines running Docker containers. Security Center continuously assesses the configurations of these containers. It then compares them with the Center for Internet Security (CIS) Docker Benchmark. Security Center includes the entire ruleset of the CIS Docker Benchmark and alerts you if your containers don't satisfy any of the controls. When it finds misconfigurations, Security Center generates security recommendations.

Mappings

Columns: Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes
Every row below has Capability ID docker_host_hardening and Capability Description Docker Host Hardening; the Notes column holds the Comments and References.

detect / minimal / T1525 Implant Container Image
  Comments: This control may alert on Docker containers that are misconfigured or do not conform to CIS Docker Benchmarks. This may result in detection of container images implanted within Linux VMs with specific vulnerabilities or misconfigurations for malicious purposes.
  References: none listed

protect / minimal / T1548 Abuse Elevation Control Mechanism
  Comments: This control is only relevant for Linux endpoints containing Docker containers.
  References: none listed

protect / minimal / T1548.001 Setuid and Setgid
  Comments: This control may provide recommendations to remove setuid and setgid permissions from container images. It may not be feasible to audit and remediate all binaries that have and require setuid and setgid permissions.
  References: none listed

protect / minimal / T1068 Exploitation for Privilege Escalation
  Comments: This control may provide recommendations on how to reduce the surface area and mechanisms by which an attacker could escalate privileges.
  References: none listed

protect / minimal / T1040 Network Sniffing
  Comments: This control may recommend usage of TLS to encrypt communication between the Docker daemon and clients. This can prevent possible leakage of sensitive information through network sniffing.
  References: none listed

protect / minimal / T1083 File and Directory Discovery
  Comments: This control may provide recommendations to ensure sensitive host system directories are not mounted in the container.
  References: none listed

protect / minimal / T1021 Remote Services
protect / minimal / T1021.004 SSH
  Comments: This control may provide recommendations to ensure sshd is not running within Docker containers. This can prevent attackers from utilizing unmonitored SSH servers within containers. It may not prevent attackers from installing an SSH server in containers or hosts.
  References: none listed

protect / minimal / T1005 Data from Local System
  Comments: This control may provide recommendations that limit the ability of an attacker to gain access to a host from a container, preventing the attacker from discovering and compromising local system data.
  References: none listed
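As an added example (not code from the mapping page or from Security Center), the following Python audit shows the kind of CIS Docker Benchmark checks the rows above correspond to: it reads container records shaped like `docker inspect` output plus a daemon.json and flags sensitive host directories bind-mounted into a container, sshd started inside a container, privileged mode, and a TCP daemon socket exposed without TLS verification. The sensitive-directory list, the function names and the sample records are assumptions constructed for this example.

```python
import json

# Host paths the CIS Docker Benchmark says must not be bind-mounted into containers
# (assumed list for this example; the host root "/" is handled separately below).
SENSITIVE_HOST_DIRS = ("/boot", "/dev", "/etc", "/lib", "/proc", "/sys", "/usr")

def is_sensitive_mount(src):
    """True if a bind-mount source is the host root or lies under a sensitive directory."""
    if src == "/":
        return True
    return any(src == d or src.startswith(d + "/") for d in SENSITIVE_HOST_DIRS)

def audit_container(spec):
    """Return findings for one container given a dict shaped like `docker inspect` output."""
    name = spec.get("Name", "?").lstrip("/")
    findings = []
    for m in spec.get("Mounts", []):  # T1083 / T1005: sensitive host directories in the container
        if m.get("Type") == "bind" and is_sensitive_mount(m.get("Source", "")):
            findings.append(f"{name}: host path {m['Source']} mounted at {m.get('Destination')}")
    cfg = spec.get("Config", {})
    argv = (cfg.get("Entrypoint") or []) + (cfg.get("Cmd") or [])
    if any("sshd" in a for a in argv):  # T1021.004: sshd should not run inside containers
        findings.append(f"{name}: sshd started inside the container ({' '.join(argv)})")
    if spec.get("HostConfig", {}).get("Privileged"):  # T1068: reduce escalation surface
        findings.append(f"{name}: running with --privileged")
    return findings

def audit_daemon(daemon_json):
    """T1040: flag a daemon.json that exposes a TCP socket without TLS client verification."""
    cfg = json.loads(daemon_json)
    tcp = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp and not cfg.get("tlsverify"):
        return [f"daemon: TCP listener {tcp[0]} without tlsverify (client traffic unencrypted)"]
    return []

# Constructed sample input: two container records and a daemon.json in the shape Docker emits.
SAMPLE_CONTAINERS = [
    {"Name": "/web", "Mounts": [{"Type": "bind", "Source": "/srv/www", "Destination": "/var/www"}],
     "Config": {"Entrypoint": ["nginx"], "Cmd": ["-g", "daemon off;"]}, "HostConfig": {"Privileged": False}},
    {"Name": "/debug", "Mounts": [{"Type": "bind", "Source": "/etc", "Destination": "/host-etc"}],
     "Config": {"Entrypoint": None, "Cmd": ["/usr/sbin/sshd", "-D"]}, "HostConfig": {"Privileged": True}},
]
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"], "tlsverify": false}'

def run_audit(containers=SAMPLE_CONTAINERS, daemon_json=SAMPLE_DAEMON_JSON):
    """Combine daemon and per-container findings into one list of strings."""
    findings = audit_daemon(daemon_json)
    for c in containers:
        findings += audit_container(c)
    return findings

if __name__ == "__main__":
    for f in run_audit():
        print(f)
```

On a real host the container records come from `docker inspect $(docker ps -q)` and the daemon configuration from /etc/docker/daemon.json; the checks here cover only the subset of the benchmark that the mapping rows mention.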