Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon

Using Docker Bench to Enhance Container Security

This lab allows the student to explore the Docker Bench utility for hardening Docker installations. The student gains access to the lab server via SSH, and clones the Docker Bench repo from Then the student executes the bench utility, views the report, and then enables auditing of the Docker Daemon. After enabling auditing, the utility is run again and the new report is compared with the old.

Google Cloud Platform icon

Path Info

Clock icon Beginner
Clock icon 30m
Clock icon Nov 14, 2018

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Clone the Docker Bench repo from GitHub into the current working directory.

    Clone the docker bench repo from GitHub:

    $ git clone
  2. Challenge

    Change directory to the docker-bench-security directory and run the docker-bench-security script.

    Change your present working directory to docker-bench-security:

    $ cd docker-bench-security

    Using superuser permissions execute the shell script and redirect standard output to a file called /tmp/bench1.out

    $ sudo sh > /tmp/bench1.out

    *The sudo command will prompt your for the cloud_user password

    After running the report, you may look at the contents with the Linux more command:

    $ more /tmp/bench1.out

  3. Challenge

    Update the audit rules on the server to include auditing the Docker Daemon

    To list the rules already setup on the host, you may enter:

    $ sudo auditctl -l

    Use the auditctl command to add a rule to audit the Docker files in /var/lib/docker:

    $ sudo auditctl -w /var/lib/docker -k "docker lib"

    This will setup auditing on the docker daemon. To check you may enter the -l command again.

    $ sudo auditctl -l
  4. Challenge

    Run the Docker Bench security utility again and compare the output with the first run.

    Now run the docker bench utility again and direct output to /tmp/bench2.out:

    $ sudo sh > /tmp/bench2.out

    To view the new report contanets, you may use the more command again.

    $ more /tmp/bench2.out

    Now use the Linux diff command to compare the output from the first run in bench1.out to the second run in bench2.out:

    $ diff /tmp/bench1.out /tmp/bench2.out

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans