Exposed Docker Socket (Port 2375 / 2376)
detect, harden, and verify closure

dockerd bound to 0.0.0.0:2375 for convenience

A developer or a legacy runbook asks for remote docker commands from a workstation, a CI runner, or a deployment laptop, and the daemon is started with -H tcp://0.0.0.0:2375 in /etc/docker/daemon.json, /etc/sysconfig/docker, /lib/systemd/system/docker.service, or a custom Compose file. The plaintext bind survives across reboots, image rebuilds, autoscaling events, and account migrations long after the original convenience reason is forgotten.

TLS on 2376 without --tlsverify

The daemon is configured with --tls, --tlscert, and --tlskey but without --tlsverify and --tlscacert. The TLS handshake completes, the operator believes the listener is hardened, and any caller that can reach 2376 can issue full daemon commands. Client-certificate enforcement is the difference between an authenticated remote API and a TLS-wrapped open daemon.

docker.sock mounted into containers

A pipeline stage, a Portainer instance, a Watchtower deployment, a Traefik label, a Jenkins or GitLab Runner pod, a GitHub Actions self-hosted runner, a Kubernetes pod with hostPath /var/run/docker.sock, or a developer-friendly base image binds /var/run/docker.sock into the container. Anything that runs inside the container, including a compromised dependency, a malicious base image layer, or a build step that pulls untrusted code, can now issue privileged commands against the host daemon.

CI/CD runners with root daemon access

Self-hosted GitHub Actions runners, GitLab Runners with the Docker executor, Jenkins agents with the docker-plugin or with docker.sock mounted, Drone CI runners, and TeamCity build agents commonly receive root-equivalent access to the host Docker daemon to support docker-in-docker workflows. A build job that runs untrusted PR code, an unpinned action, a build cache poisoning attack, or a dependency-confusion compromise of the build tooling turns into a host takeover.

Cloud security group rule too broad

An AWS security group, Azure NSG, GCP firewall rule, or DigitalOcean rule opens TCP 2375 (and 2376) to 0.0.0.0/0 during a Terraform run, a debug session, a vendor handoff, or a recovery exercise. The rule is never narrowed, and a public Docker daemon persists across image rebuilds, autoscaling events, and account migrations. Public-cloud attacker tooling continuously sweeps cloud netblocks for the pattern.

Unhardened orchestrator nodes

Swarm manager and worker nodes, standalone Docker hosts behind a managed service, and edge nodes running container workloads inherit the daemon defaults of whoever provisioned them. A Helm chart that mounts hostPath /var/run/docker.sock, a DaemonSet that needs the runtime socket for telemetry, or a node-image template that opens 2375 for orchestration tooling propagates the exposure across every node in the fleet at the same time.

Automated detection

• SecPortal's external scanner port-scan module probes TCP 2375 and 2376 across every verified domain and host in scope, identifies the responding service as the Docker remote API through HTTP banner detection on /version and /info, and raises a critical-severity finding under the rule that the Docker daemon should never be reachable from the public internet. TCP 2375 is tagged as a high-risk port in the scanner alongside 23, 139, 445, 3389, and 5900.
• Continuous monitoring re-runs the external scan on a schedule, so a security-group edit, a Terraform apply, an autoscale event, a CI runner refresh, or a recovered host that reopens 2375 or 2376 reopens the finding rather than leaving the regression invisible until the next audit cycle.
• Bulk import accepts Nessus, Burp, and CSV output from network-tier scanners and from Shodan and Censys exports that already list exposed Docker daemons, so the catalogue stays centralised even when a third-party tool is the original discovery source.

Manual verification

• Use nmap -p 2375,2376 with service detection (-sV) and the http-headers and http-title scripts against the external range to confirm the listener, the engine version, the API version, and whether the response advertises Docker on the HTTP banner.
• Issue curl -sk http://<host>:2375/version and curl -sk https://<host>:2376/version (without a client certificate) against each reachable listener. A populated JSON response with Version, ApiVersion, GoVersion, KernelVersion, Os, and Arch is proof of an unauthenticated or weakly authenticated daemon.
• For inside-the-cluster verification, run docker context ls, docker info, and grep -r docker.sock across Compose files, Helm charts, Kubernetes manifests, and CI runner configuration to enumerate every workload that mounts /var/run/docker.sock or expects the runtime socket as a hostPath volume.
• Cross-reference Shodan and Censys for the organisation's netblocks and known hostnames to see whether external observatories already list exposed Docker daemons, then reconcile that list against the verified-domain inventory inside the workspace.

Surface every Docker daemon listener on one finding record

External scanning and bulk import land every exposed-Docker-socket detection on the findings management record with CVSS, the discovered host, the captured /version response, the engine and API version, the scan timestamp, and the named owner so the catalogue is a single source of truth rather than a Shodan tab, a spreadsheet, and a Slack thread.

Inspect daemon configuration through authenticated scans

Where the team has authorisation, the authenticated scanning path reads the responding service in more detail and pairs the result with the per-host hardening record. Credentials for authenticated runs live in encrypted credential storage scoped to a verified domain so the same daemon secret is not copied across spreadsheets, chat threads, and pull-request bodies.

Run remediation as a tracked workflow

Each finding flows through the remediation tracking workflow with severity, target close date, named owner, and the agreed compensating control (for example, an inbound source allowlist while a private bastion is provisioned, or a temporary firewall rule while the docker-socket-proxy is rolled out). Permanent exceptions enter the eight-field exception register with a named approver, a rationale, an effective period, and a renewal cadence.

Verify the fix with retest

Once the firewall rule, security-group edit, daemon.json change, host retirement, or CI runner rebuild completes, the retesting workflow re-runs the external scan, confirms the daemon is gone or that the responding service now requires client-certificate authentication on a private interface, and stamps the closure with timestamped evidence rather than a verbal sign-off in a stand-up.

Catch regressions through continuous monitoring

Scheduled continuous monitoring re-scans of verified domains reopen the finding if a Docker daemon returns to the public internet, if a new self-hosted runner spins up with the daemon bound to 2375, or if a new cloud account joins the estate with an open Docker port. A Terraform apply, a runner refresh, an autoscaler event, or a recovered backup image does not silently reintroduce the exposure.

Pair the daemon finding with the docker.sock mount finding

Exposed Docker daemons and mounted /var/run/docker.sock inside CI runners and orchestrator pods are the same root-equivalence pattern with different network shapes. Treating them as one finding family on the workspace record, with the host or workload as the affected asset and the bind-mount or TCP listener as the evidence, keeps the queue ordered against real residual risk rather than reading two unrelated queues. The same record flows through container image vulnerability remediation and Kubernetes security finding remediation where appropriate.

Carry the audit trail through closure

The activity log records who opened, scoped, remediated, and verified each exposed-Docker-socket finding, so the next ISO 27001, SOC 2, PCI DSS, NIST CSF 2.0, or cyber insurance review reads the operating evidence from the record rather than from reconstructed memory, archived ticket exports, or screenshots taken weeks after the fact. The compliance tracking crosswalk maps each finding to the relevant control catalogue so audit fieldwork reads from the same record.

Communicate posture in leadership language

When runtime exposure sits inside a broader programme review, the Claude-drafted AI report composes a leadership-ready narrative from the open and closed findings, the remediation cadence, and the linked compliance evidence. The same record drives security leadership reporting without rebuilding the slide deck by hand each quarter.

Standalone Docker hosts on cloud VMs

EC2, Compute Engine, Azure VM, and DigitalOcean droplet deployments of the Docker engine make up the bulk of historic exposure events. Replace standing 0.0.0.0/0 security-group rules with private subnets, security-group source restrictions, and managed bastion access for human operators. Move long-lived production workloads onto a managed orchestrator (ECS, EKS, GKE, AKS, Cloud Run) where the network boundary is built in and the per-node daemon is not directly addressable.

CI/CD runners with docker.sock mounted

Self-hosted GitHub Actions runners, GitLab Runners with the Docker executor, Jenkins agents with docker-plugin or docker.sock mounted, Drone runners, and TeamCity build agents inherit the daemon defaults of whoever first provisioned them. Replace docker-in-docker with kaniko, buildah, img, or buildkit in user-namespace mode. Use ephemeral runners on isolated hosts per build rather than mounting the host runtime into a shared agent. Treat any pipeline that builds untrusted PR code with a host-mounted socket as a finding to triage immediately.

Kubernetes pods with hostPath docker.sock

Helm charts for telemetry, ingress controllers, image-update bots, container-management dashboards, and service-mesh sidecars sometimes ship with hostPath /var/run/docker.sock or /var/run/containerd/containerd.sock for convenience. Apply a PodSecurity admission baseline that forbids the mount, replace the workload with a sidecarless or kubelet-API-only equivalent, or move the workload to a hardened socket proxy. Audit DaemonSets quarterly to catch the pattern after every cluster upgrade.

Edge and legacy Docker installs

Long-lived virtual machines, vendor-distributed appliances, customer-managed instances at acquired companies, and home-grown installs run a Docker engine release several years behind the upstream support window and frequently inherit the legacy plaintext-bind defaults. Track these hosts on the finding record with the engine and API version, the maintainer contact, and the upgrade path. Where the host cannot be upgraded immediately, isolate it behind a managed network access boundary and document the residual risk decision in the exception register.