Auditing Docker Runtime and Endpoints

  • Checking the Docker daemon configuration
docker system info

  • Checking whether the Docker API is exposed on 0.0.0.0
sudo cat /lib/systemd/system/docker.service

  • Checking if the Docker socket is mounted to any running container
docker inspect $(docker ps -q) | grep -i '/var/run/'

  • Checking other files and data related to Docker
sudo ls -l /var/lib/docker/
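
The API exposure check above can be scripted instead of read by eye. The following is an added example, not part of the original page: it pulls the -H/--host listeners out of a unit file's ExecStart line and flags any TCP listener bound to all interfaces. The function names and the two sample unit files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag dockerd listeners declared on ExecStart in a systemd unit.
# Assumes ExecStart is written on a single line (no backslash continuations).

# Print every -H/--host value from the unit's ExecStart lines, one per line.
dockerd_hosts() {
    grep -E '^[[:space:]]*ExecStart=' "$1" |
        grep -oE -- '(-H|--host)[= ]+[^[:space:]]+' |
        sed -E 's/^(-H|--host)[= ]+//'
}

# Classify each listener; return 1 if any TCP listener binds all interfaces.
audit_unit() {
    unit=$1; rc=0; tls=no
    grep -E '^[[:space:]]*ExecStart=' "$unit" | grep -q -- '--tlsverify' && tls=yes
    while read -r host; do
        [ -n "$host" ] || continue          # skip the empty line of an empty result
        case $host in
            'tcp://0.0.0.0:'*|'tcp://[::]:'*)
                echo "EXPOSED $host tlsverify=$tls"; rc=1 ;;
            tcp://*) echo "TCP $host tlsverify=$tls" ;;
            *)       echo "LOCAL $host" ;;
        esac
    done <<EOF
$(dockerd_hosts "$unit")
EOF
    return $rc
}

# Constructed sample units (not taken from a real host).
write_samples() {
    printf '%s\n' '[Service]' \
        'ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock' \
        > "$1/default.service"
    printf '%s\n' '[Service]' \
        'ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375' \
        > "$1/exposed.service"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.service; do
    echo "== ${f##*/}"
    audit_unit "$f" || echo "-> finding: API reachable on all interfaces"
done
rm -rf "$demo_dir"
```

On a real host, point audit_unit at /lib/systemd/system/docker.service. Listeners can also be set in drop-in files under /etc/systemd/system/docker.service.d/ or through the "hosts" key in /etc/docker/daemon.json, which this check does not read.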