vagrant up
vagrant ssh
sudo systemctl start docker
docker pull docker/docker-bench-security
docker run --rm -d nginx
docker run --rm --net host --pid host --userns host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=1 \
-v /etc:/etc:ro \
-v /usr/lib/systemd:/usr/lib/systemd:ro \
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--label docker_bench_security \
docker/docker-bench-security