Fatskills
Practice. Master. Repeat.
Study Guide: Docker Docker Security Docker Bench Security CIS Benchmark
Source: https://www.fatskills.com/kubernetes/chapter/docker-docker-security-docker-bench-security-cis-benchmark

Docker Docker Security Docker Bench Security CIS Benchmark

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

⏱️ ~3 min read

1. Core Command / Concept

Docker Bench Security (CIS Benchmark) scans and reports on Docker host security configuration. docker run -d --name docker-bench-security docker/docker-bench-security

2. Step-by-Step

  1. Check if Docker Bench Security is installed: docker images | grep docker-bench-security
    Output: A list of images, including docker-bench-security.
  2. Run Docker Bench Security in detached mode: docker run -d --name docker-bench-security docker/docker-bench-security
    Output: A container ID.
  3. Check the container status: docker ps -a | grep docker-bench-security
    Output: The container status (e.g., "Up 5 seconds").
  4. Stop and remove the container: docker stop docker-bench-security ⚠️ This deletes all stopped containers.
    docker rm docker-bench-security

3. Real Commands with Examples


Example 1: Run Docker Bench Security with a specific configuration file

Purpose: Customize the Docker Bench Security scan.
Command: docker run -d --name docker-bench-security -v /path/to/config:/etc/docker-bench-security docker/docker-bench-security Flags: -v mounts a volume to the container, /etc/docker-bench-security is the default configuration directory.

Example 2: Run Docker Bench Security with a specific output format

Purpose: Change the output format of the Docker Bench Security scan.
Command: docker run -d --name docker-bench-security -e OUTPUT_FORMAT=JSON docker/docker-bench-security Flags: -e sets an environment variable, OUTPUT_FORMAT is the variable name, JSON is the value.

Example 3: Run Docker Bench Security with a specific log level

Purpose: Change the log level of the Docker Bench Security scan.
Command: docker run -d --name docker-bench-security -e LOG_LEVEL=DEBUG docker/docker-bench-security Flags: -e sets an environment variable, LOG_LEVEL is the variable name, DEBUG is the value.

4. Common Errors


Error 1: "Error: unable to find image 'docker/docker-bench-security' locally"

Why it happens: The Docker Bench Security image is not installed.
Fix: docker pull docker/docker-bench-security

Error 2: "Error: unable to start container 'docker-bench-security': OCI runtime create failed"

Why it happens: The container cannot be started due to a configuration issue.
Fix: Check the container configuration and try again.

Error 3: "Error: unable to access '/etc/docker-bench-security/config.yml'"

Why it happens: The configuration file is not accessible.
Fix: Check the file permissions and try again.

5. Quick Checks


Scenario 1: Check if Docker Bench Security is installed

Situation: You want to verify if Docker Bench Security is installed.
Command: docker images | grep docker-bench-security Correct response: A list of images, including docker-bench-security.

Scenario 2: Check the Docker Bench Security container status

Situation: You want to verify if the Docker Bench Security container is running.
Command: docker ps -a | grep docker-bench-security Correct response: The container status (e.g., "Up 5 seconds").

Scenario 3: Check the Docker Bench Security scan results

Situation: You want to verify if the Docker Bench Security scan has completed.
Command: docker logs docker-bench-security Correct response: A list of scan results.

6. Last-Minute Reference

• Docker Bench Security image name: docker/docker-bench-security • Default configuration directory: /etc/docker-bench-security • Default output format: TEXT • Default log level: INFO • ⚠️ Docker Bench Security container name: docker-bench-security • ⚠️ Docker Bench Security image tag: latest • ⚠️ Docker Bench Security configuration file: /etc/docker-bench-security/config.yml




ADVERTISEMENT