Difference between revisions of "Docker Security"

From Glitchdata
Revision as of 20:28, 21 February 2019

One of the valuable aspects of Docker Images is the ability to sign them. Signing allows the integrity and provenance of an Image to be validated before it is run.

Docker achieves this using Docker Notary.


  • Know what is in the code base
    • Understand the libraries and their origin
  • Know what is in your containers
  • Docker Image Authenticity - Do you know the source?
  • Avoid noisy neighbours - Help survive DDoS attacks.
  • Running containers in super-privileged mode might be unnecessary
  • Limit container resources to limit exposure to DDoS attacks.
  • Use Docker Bench Security


Use Docker Bench Security

There's a very handy script you can run against your Docker server that will check:

  • Host Configuration
  • Docker Daemon Configuration
  • Docker Daemon Configuration Files
  • Container Images and Build Files
  • Container Runtime

Docker Bench Security should be considered a must-use script. Here's how you use it:

Open up a terminal window on your Docker server.

Download the script with the command git clone https://github.com/docker/docker-bench-security

Change into the newly created directory with the command cd docker-bench-security

Run the script with the command sudo sh docker-bench-security.sh

You will see quite a lot of information pass by as the script checks your Docker host against its benchmark. The script will report Info, Warning, and Pass notes for every check (Figure C). From that information, you can act accordingly to further secure your Docker server and containers.
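Once the script has run, the useful next step is to triage its output rather than watch it scroll past. The POSIX shell snippet below is an added example, not part of this page or of the docker-bench-security project: it summarises a saved run by result level, lists the check ids that produced warnings, and can gate a CI job on the warning count. It assumes the result lines begin with [PASS], [WARN], [INFO] or [NOTE] as in the script's default text output; the sample lines are constructed, not real benchmark output.

```shell
#!/bin/sh
# Added example: summarise and gate on Docker Bench Security output.
# Assumption: result lines start with [PASS] / [WARN] / [INFO] / [NOTE].

# Constructed sample output, standing in for:
#   sudo sh docker-bench-security.sh | tee bench.log
SAMPLE_LOG='[INFO] 1 - Host Configuration
[WARN] 1.1.1 - Sample host check that did not pass (constructed)
[PASS] 1.1.2 - Sample host check that passed (constructed)
[INFO] 2 - Docker daemon configuration
[WARN] 2.1 - Sample daemon check that did not pass (constructed)
[PASS] 2.2 - Sample daemon check that passed (constructed)
[NOTE] 2.3 - Sample daemon check needing manual review (constructed)
[WARN] 5.31 - Sample container runtime check that did not pass (constructed)'

# count_results LEVEL LOG -> number of result lines at that level.
# grep -c exits 1 when the count is 0, so "|| true" keeps set -e callers alive.
count_results() {
    printf '%s\n' "$2" | grep -c "^\[$1\]" || true
}

# warn_ids LOG -> space-separated check ids of every [WARN] line,
# handy for opening one remediation ticket per failed check.
warn_ids() {
    printf '%s\n' "$1" \
        | sed -n 's/^\[WARN\] \([0-9.]*\) - .*/\1/p' \
        | tr '\n' ' ' | sed 's/ $//'
}

# bench_gate LOG MAX_WARN -> exit 0 if warnings <= MAX_WARN, else 1.
# Use it as a CI step so the warning count can only go down over time.
bench_gate() {
    warns=$(count_results WARN "$1")
    [ "$warns" -le "$2" ]
}

printf 'PASS=%s WARN=%s INFO=%s NOTE=%s\n' \
    "$(count_results PASS "$SAMPLE_LOG")" \
    "$(count_results WARN "$SAMPLE_LOG")" \
    "$(count_results INFO "$SAMPLE_LOG")" \
    "$(count_results NOTE "$SAMPLE_LOG")"

if bench_gate "$SAMPLE_LOG" 0; then
    echo "bench gate: OK"
else
    echo "bench gate: warnings on checks $(warn_ids "$SAMPLE_LOG")"
fi
```

Replace SAMPLE_LOG with `$(cat bench.log)` to run it over a real capture; the gate threshold can start at the current warning count and be lowered as checks are remediated.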