Configuring scans on Docker containers
Available from 9.2.5. In some Docker environments, you might need to perform additional steps to specify a non-default installation path, or to exclude directories from scanning.
Note: To check whether Docker is installed in the default installation path, run the following command.
$ docker version
If the result of the command is a Docker version, Docker is installed in the default installation path. Any other outcome indicates that Docker is installed in a non-default path.
- Specifying a non-default installation path for Docker
- If Docker is installed in a non-default path, add this path as a setting of the BigFix client, so that the software can be successfully discovered.
- Log in to the BigFix console, and click .
- Right-click the computer that has Docker installed, and click Edit Computer Settings.
- Add a computer setting. Specify the name as DOCKER_EXEC, and provide an absolute path as the value, for example /usr/bin/docker.
- Specifying additional command options
- By default, the scan runs the Docker command without any options. If you want to use additional options provided by Docker, for example -H (daemon socket to connect to), add these options as a new setting of the BigFix client. Enter all options in one setting.
- Log in to the BigFix console, and click .
- Right-click the computer that has Docker installed, and click Edit Computer Settings.
- Add a computer setting. Specify the name as DOCKER_OPTS, and provide options as the value, for example -H unix:///var/run/docker.sock.
- Excluding directories from scans
- The default Docker file system directory /var/lib/docker is excluded from scanning.
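Added example (not part of the BigFix documentation): the scan runs whatever binary DOCKER_EXEC names, so before saving the setting it is worth confirming that the value is an absolute path to an executable that only its owner can modify. The helper name check_docker_exec and the permission policy it enforces are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a candidate DOCKER_EXEC value on the endpoint
# before entering it as a BigFix client setting.
# check_docker_exec is a hypothetical helper, not a BigFix or Docker command.

# Prints the reason and returns 1 if the path should not be used;
# prints nothing and returns 0 if it passes every check.
check_docker_exec() {
    p=$1

    # The setting expects an absolute path, for example /usr/bin/docker.
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p"; return 1 ;;
    esac

    # It must be a regular file (symlinks are followed) with an execute bit.
    if [ ! -f "$p" ] || [ ! -x "$p" ]; then
        echo "not an executable file: $p"; return 1
    fi

    # Assumed policy: no write access for group or others, so that only the
    # owner can replace the binary the scan will execute.
    if [ -n "$(find -L "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable by group or others: $p"; return 1
    fi

    # A world-writable parent directory without the sticky bit would let any
    # local user swap the file, whatever the file's own mode is.
    d=$(dirname "$p")
    if [ -n "$(find -L "$d" -prune -perm -002 ! -perm -1000)" ]; then
        echo "parent directory is world-writable: $d"; return 1
    fi

    return 0
}

# Usage: sh check_docker_exec.sh /usr/bin/docker
if [ $# -gt 0 ]; then
    check_docker_exec "$1"
fi
```

Run it on the computer that hosts Docker with the path you intend to enter; an empty result with exit status 0 means the value passed all four checks.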