mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 14:14:56 +03:00

Files

T

mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal

- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md

2026-03-11 00:22:12 +01:00

1.9 KiB

Raw Blame History

API Reference: Docker Daemon Configuration Hardening

daemon.json Location

Linux: /etc/docker/daemon.json
Windows: C:\ProgramData\docker\config\daemon.json

Recommended daemon.json

{
  "icc": false,
  "live-restore": true,
  "userland-proxy": false,
  "no-new-privileges": true,
  "userns-remap": "default",
  "log-driver": "json-file",
  "log-opts": {"max-size": "10m", "max-file": "3"},
  "tls": true,
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}

CIS Docker Benchmark — Daemon Settings

CIS #	Setting	Recommendation
2.1	`icc`	Set to `false`
2.2	`live-restore`	Set to `true`
2.3	`userland-proxy`	Set to `false`
2.4	`no-new-privileges`	Set to `true`
2.6	TLS	Enable with certificates
2.8	`userns-remap`	Set to `default`
2.12	Logging	Configure centralized logging

File Permission Checks

File	Permissions
`/etc/docker/daemon.json`	644
`/var/run/docker.sock`	660
`/etc/docker/certs.d/`	444
Docker service files	644

Docker Socket Security

Check permissions

ls -la /var/run/docker.sock
# srw-rw---- 1 root docker 0 ... /var/run/docker.sock

Restrict group access

chmod 660 /var/run/docker.sock
chown root:docker /var/run/docker.sock

Content Trust (Image Signing)

Enable globally

export DOCKER_CONTENT_TRUST=1

In daemon.json

{"content-trust": {"mode": "enforced"}}

Docker Info Command

docker info --format '{{json .}}'

Key Fields

Field	Description
`SecurityOptions`	seccomp, apparmor, userns
`LiveRestoreEnabled`	Live restore status
`RegistryConfig.InsecureRegistryCIDRs`	Insecure registries
`ServerVersion`	Docker version

1.9 KiB Raw Blame History

API Reference: Docker Daemon Configuration Hardening

daemon.json Location

Recommended daemon.json

CIS Docker Benchmark — Daemon Settings

File Permission Checks

Docker Socket Security

Check permissions

Restrict group access

Content Trust (Image Signing)

Enable globally

In daemon.json

Docker Info Command

Key Fields

1.9 KiB

Raw Blame History