Lock down your Docker apps







Vital DevOps: Improving Your Container DevOps Skills

October 28 · Issue #16 · View online

Commentary on tools and techniques I find interesting around Docker, Kubernetes, Cloud Native DevOps, and DevSecOps.

Hey Docker people, I just got back from my Euro Tour of conferences, friends, and beer! I finished with a workshop at GOTO Conference in Berlin, teaching Kubernetes and Swarm.
This newsletter covers various topics and tips on locking down Docker and your apps inside it.

How Do I Make Sure My App is Secure?
It’s kind of a flawed question: no system can be truly secure unless you unplug your machine and throw it in Davy Jones’ Locker at the bottom of the sea. The only thing we can do is take steps to harden and safeguard our environment so that we are doing all we can to keep it safe. I have a GitHub repo called “AMA” where users can Ask Me Anything. In one issue, I go over security recommendations for Docker on Linux. I’ll highlight some of those here! Topics range from general Linux security to “Rootless Docker”, which I covered in a previous newsletter!
What security concerns should I have with Docker? Bret's AMA
Where Do I Start?
First, check out the DockerCon talk I gave which covered general production guidelines, Versions of OS’s, proper base images, cluster designs, etc.
DockerCon - Production Concerns
The next tip when starting on Docker security is the same as for any other new Docker topic: read the docs! Below you will find the docs page covering the four major areas to consider for Docker’s security: the Linux kernel with namespaces and cgroups, the daemon’s attack surface, the container’s configuration profile, and the hardening security features.
Docker security | Docker Docs
Other Quick Tips Found in the AMA:
You can take some simple precautionary measures in your image, like adding a USER stanza in your Dockerfile that specifies a particular username, to avoid running apps as root. You can also use a 3rd party image scanner like Aqua Security’s MicroScanner, run as a container, to analyze your image. Their link is below. Another notably important best practice is to avoid running images where you do not explicitly trust the source. Docker Hub does not run a scan on every image that is uploaded, so it is not immune to malicious images being pushed, as demonstrated by the worm found in the last link below.
Aqua’s MicroScanner: Free Image Vulnerability Scanner for Developers
Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub
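As an added example (not from the newsletter), here is a small pre-build check for the USER stanza tip above: it reads the last USER instruction in a Dockerfile and fails when the image would still run as root. The two sample Dockerfiles are constructed for illustration, and the unprivileged `node` user they rely on is the one shipped in the official node image (assumed here).

```shell
#!/bin/sh
# Added example: check that a Dockerfile ends with a non-root USER stanza.
# Assumes a single-stage Dockerfile; the last USER line wins in Docker.

# Print the user named by the last USER instruction (empty when there is
# none, in which case Docker defaults to root).
dockerfile_final_user() {
  # strip comments, keep the first argument (user or user:group) of the last USER line
  sed -e 's/#.*$//' "$1" | awk 'toupper($1)=="USER" { u=$2 } END { print u }'
}

# Return 0 when the final user is non-root, 1 otherwise.
dockerfile_runs_as_nonroot() {
  u=$(dockerfile_final_user "$1")
  case "${u%%:*}" in
    ""|root|0) return 1 ;;   # no USER stanza, or explicitly root / uid 0
    *) return 0 ;;
  esac
}

# Constructed sample Dockerfiles, written here so the script runs offline.
tmp=$(mktemp -d)
cat > "$tmp/Dockerfile.root" <<'EOF'
FROM node:12-alpine
WORKDIR /app
COPY . .
CMD ["node", "server.js"]
EOF

cat > "$tmp/Dockerfile.hardened" <<'EOF'
FROM node:12-alpine
# the official node image ships an unprivileged 'node' user (assumption)
WORKDIR /app
COPY --chown=node:node . .
# USER stanza: everything after this, including CMD, runs unprivileged
USER node
CMD ["node", "server.js"]
EOF

for f in "$tmp/Dockerfile.root" "$tmp/Dockerfile.hardened"; do
  if dockerfile_runs_as_nonroot "$f"; then
    echo "OK   $(basename "$f"): final user '$(dockerfile_final_user "$f")'"
  else
    echo "FAIL $(basename "$f"): runs as root (no non-root USER stanza)"
  fi
done
```

Drop the check into CI before `docker build` so an image without a non-root USER never reaches a registry.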
Thanks for reading,
Weekly YouTube Live: bretfisher.com/youtube
Course Coupons: bretfisher.com/courses
Bret Fisher, Virginia Beach, Virginia, USA