Ansible role to harden an out-of-the-box Docker installation. The initial version targets VMware PhotonOS and is based on the CIS Docker Community Edition Benchmark.
Please note this is an early-stage version of the role. It hardens the configuration of a PhotonOS minimal installation based on the results of the benchmark scan.

Supported platform:
- VMware PhotonOS 2.0
This role implements the CIS Docker Community Edition Benchmark v1.1.0.
Requirements:
- The root account must be configured and accessible for this version (the example playbook connects as root).
- This role should be used only on a fresh PhotonOS installation.
- docker-py >= 1.7.0
- This role uses [docker-bench-security] to run the CIS benchmark checks.
Install the role from Ansible Galaxy:

```shell
ansible-galaxy install WojciechowskiPiotr.docker-CIS-hardening
```
An example of how to use the role in a playbook:

```yaml
---
- name: Updating and hardening PhotonOS Docker installation based on CIS
  hosts: all
  remote_user: root
  gather_facts: no
  vars:
    request_debug_output: false
  roles:
    - docker-CIS-hardening
```

The playbook references the role by its local directory name. If you installed it from Ansible Galaxy, it is placed under `roles_path` as `WojciechowskiPiotr.docker-CIS-hardening` and must be referenced by that name instead.
The role is thoroughly tagged so that you can run certain sections or certain levels of checks. For example, to test only the items from section 4 in check mode (`-C`, nothing is changed on the host):

```shell
ansible-playbook -i hosts -C playbook.yml -t section4
```

To apply changes only from the items in sections 4, 5, and 6:

```shell
ansible-playbook -i hosts playbook.yml -t section4,section5,section6
```
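The section tags above map onto the sections of the CIS Docker CE Benchmark; section 2 covers the Docker daemon configuration in `/etc/docker/daemon.json`. The following added example (written for this page, not code from the docker-CIS-hardening role or from docker-bench-security) shows what a handful of those section 2 checks look for. The point it makes is that a fresh install ships an empty `daemon.json`, and a key that is absent from the file is not "unset": the daemon runs with its permissive built-in default, which is exactly what the benchmark flags. The item numbers are quoted from memory of benchmark v1.1.0 and the `DEFAULTS` table reflects Docker's documented defaults; both are assumptions to verify against your copy of the benchmark and your Docker version. The two `daemon.json` samples are constructed for the example.

```python
"""Audit a Docker daemon.json against a few CIS Docker CE Benchmark
section 2 (daemon configuration) items.

Added example, not part of the docker-CIS-hardening role.
Item numbers follow CIS Docker CE Benchmark v1.1.0 as recalled by the
author of this example (assumption: verify against your copy).
"""
import json

# Docker's built-in defaults applied when a key is absent from daemon.json
# (assumption based on Docker's documented behaviour).
DEFAULTS = {
    "icc": True,                  # inter-container traffic allowed
    "log-level": "info",
    "iptables": True,
    "live-restore": False,
    "userland-proxy": True,
    "no-new-privileges": False,
    "experimental": False,
    "insecure-registries": [],
}

# (benchmark item, daemon.json key, predicate on the effective value, remediation)
CHECKS = [
    ("2.1",  "icc",                 lambda v: v is False, 'set "icc": false'),
    ("2.2",  "log-level",           lambda v: v == "info", 'set "log-level": "info"'),
    ("2.3",  "iptables",            lambda v: v is True,  'set "iptables": true'),
    ("2.4",  "insecure-registries", lambda v: not v,      "remove insecure-registries"),
    ("2.14", "live-restore",        lambda v: v is True,  'set "live-restore": true'),
    ("2.15", "userland-proxy",      lambda v: v is False, 'set "userland-proxy": false'),
    ("2.17", "experimental",        lambda v: v is False, 'set "experimental": false'),
    ("2.18", "no-new-privileges",   lambda v: v is True,  'set "no-new-privileges": true'),
]


def effective_config(daemon_json_text):
    """Parse daemon.json (empty file allowed) and overlay it on the defaults,
    so every check sees the value the daemon would actually run with."""
    cfg = dict(DEFAULTS)
    if daemon_json_text.strip():
        cfg.update(json.loads(daemon_json_text))
    return cfg


def audit(daemon_json_text):
    """Return a list of (item, key, 'PASS'|'WARN', remediation) tuples."""
    cfg = effective_config(daemon_json_text)
    results = []
    for item, key, passes, fix in CHECKS:
        status = "PASS" if passes(cfg[key]) else "WARN"
        results.append((item, key, status, fix))
    return results


def failed_items(daemon_json_text):
    """Benchmark item numbers that the given daemon.json fails."""
    return [item for item, _, status, _ in audit(daemon_json_text) if status == "WARN"]


# Constructed sample: an out-of-the-box install has an (effectively) empty daemon.json.
OOTB_DAEMON_JSON = "{}"

# Constructed sample: the same file after hardening for the items above.
HARDENED_DAEMON_JSON = json.dumps({
    "icc": False,
    "log-level": "info",
    "iptables": True,
    "live-restore": True,
    "userland-proxy": False,
    "no-new-privileges": True,
    "experimental": False,
}, indent=2)

if __name__ == "__main__":
    for label, text in (("out-of-the-box", OOTB_DAEMON_JSON),
                        ("hardened", HARDENED_DAEMON_JSON)):
        print(f"== {label} ==")
        for item, key, status, fix in audit(text):
            line = f"[{status}] {item} {key}"
            print(line if status == "PASS" else f"{line}: {fix}")
```

Run against the empty file, the audit warns on 2.1, 2.14, 2.15 and 2.18 even though none of those keys appear in it; the hardened file passes all eight. The role's section 2 tasks are what turn the first file into the second; the `-C` check-mode run shown above is the equivalent of this audit without the remediation.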