Configure Docker CE engine to be CIS compliant. Level 1 and 2 findings will be corrected by default.
This role will make changes to the system that could break things. This is not an auditing tool but rather a remediation tool to be used after an audit has been conducted.
If you want to install this via the ansible-galaxy
command you'll need to run it like this:
ansible-galaxy install -p roles -r requirements.yml
With this in the file requirements.yml:
- src: https://github.com/florianutz/DockerCE-CIS.git
You should carefully read through the tasks to make sure these changes will not break your systems before running this playbook.
There are many role variables defined in defaults/main.yml. This list shows the most important.
cis_rule_1_1: false
cis_rule_2_1: "false"
cis_rule_2_2: "info"
cis_rule_2_3: "true"
cis_rule_2_8: "default"
cis_rule_2_14: "true"
cis_rule_2_15: "false"
cis_rule_2_17: !unsafe docker version --format '{{ .Server.Experimental }}'
cis_rule_2_18: "true"
Ansible > 2.2
- name: Harden DOcker CE engine
hosts: servers
become: yes
roles:
- DockerCE-CIS
MIT