Docker Hardening Standard

posted Aug 28, 2019, 7:20 AM by Chris G   [ updated Aug 28, 2019, 7:21 AM ]

✅ The Center for Internet Security (CIS) publishes benchmarks, including the CIS Docker Benchmark, that detail security best practices, recommendations, and actionable steps for reaching a hardened baseline. The best part: they're free.

✅ Better yet, docker-bench-security is an automated checker for those CIS Docker Benchmark controls. It is a shell script, shipped as a container image, that inspects the host, the daemon configuration, and the running containers and images, and reports each check as PASS, WARN, INFO or NOTE. Because it has to read the host's configuration and talk to the Docker daemon, the recommended invocation below hands it host namespaces, the Docker socket and much of the host filesystem, so run it only on hosts you administer and treat the command as root-equivalent.

# recommended (from the project's README). The bench only reads the mounted
# paths, so they are bind-mounted read-only (:ro). The --label lets the script
# skip its own container, and DOCKER_CONTENT_TRUST is passed through so the
# content-trust check sees the value you actually run with.
$ docker run \
    -it \
    --net host \
    --pid host \
    --userns host \
    --cap-add audit_control \
    -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
    -v /var/lib:/var/lib:ro \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    -v /usr/lib/systemd:/usr/lib/systemd:ro \
    -v /etc:/etc:ro \
    --label docker_bench_security \
    docker/docker-bench-security
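Running the bench by hand is a start; the value comes from running it on every host build and failing the job when new WARN results appear. The script below is an added example, not code from this page or from the docker-bench-security project. It captures the tool's plain-text report and gates on the number of WARN results. The "[STATUS] <check id> - <title>" line layout is the tool's own; the sample report embedded here is constructed, not the output of a real run, and the `-b` (no colour) flag should be confirmed against `docker-bench-security.sh -h` for the version you pull.

```sh
#!/bin/sh
# Added example (not from the page or the docker-bench-security project):
# gate a CI job on docker-bench-security's plain-text report.
# Assumptions: the report is captured from the container's stdout as in
# run_bench below; the "[STATUS] <id> - <title>" layout is the tool's own;
# the sample below is constructed for this example, not a real run.

# Constructed sample report. Indented "[WARN]      * ..." lines are details
# of the check above them, not separate findings.
SAMPLE_REPORT="$(cat <<'EOF'
[INFO] 1 - Host Configuration
[WARN] 1.1.1 - Ensure a separate partition for containers has been created
[PASS] 1.1.2 - Ensure only trusted users are allowed to control Docker daemon
[INFO] 2 - Docker daemon configuration
[WARN] 2.1 - Run the Docker daemon as a non-root user, if possible
[WARN] 2.3 - Ensure network traffic is restricted between containers on the default bridge
[PASS] 2.4 - Ensure the logging level is set to 'info'
[NOTE] 2.6 - Ensure TLS authentication for Docker daemon is configured
[INFO] 5 - Container Runtime
[WARN] 5.4 - Ensure that privileged containers are not used
[WARN]      * Container running in Privileged mode: webapp
[PASS] 5.25 - Ensure that the container is restricted from acquiring additional privileges
EOF
)"

# Capture a real report: the recommended command from above, with the
# script's -b flag (no colour codes, per its -h output; verify for your
# version) and stdout tee'd to the file named in $1. Not invoked here.
run_bench() {
    docker run --rm --net host --pid host --userns host \
        --cap-add audit_control \
        -e DOCKER_CONTENT_TRUST="${DOCKER_CONTENT_TRUST:-0}" \
        -v /var/lib:/var/lib:ro \
        -v /var/run/docker.sock:/var/run/docker.sock:ro \
        -v /usr/lib/systemd:/usr/lib/systemd:ro \
        -v /etc:/etc:ro \
        --label docker_bench_security \
        docker/docker-bench-security -b | tee "$1"
}

# Remove ANSI colour sequences so the parser sees plain "[WARN]" tags even
# when a report was captured without -b.
strip_ansi() {
    esc=$(printf '\033')
    sed "s/${esc}\[[0-9;]*m//g"
}

# Count top-level results with the given status (WARN, PASS, NOTE, INFO).
# $1 = status, $2 = report text. Only lines whose tag is followed by a check
# id are counted, which skips the indented per-container detail lines.
count_status() {
    printf '%s\n' "$2" | strip_ansi | grep -c "^\[$1\] [0-9]" || true
}

# Ids of failed checks, one per line, for the job log.
warn_ids() {
    printf '%s\n' "$1" | strip_ansi |
        sed -n 's/^\[WARN\] \([0-9][0-9.]*\) - .*/\1/p'
}

# CI gate: succeed only if the number of WARN results is within the budget.
# $1 = report text, $2 = maximum allowed WARNs (0 for a clean bar).
gate() {
    [ "$(count_status WARN "$1")" -le "$2" ]
}

# Stand-alone demo over the constructed sample. A pipeline would instead do:
#   run_bench bench.log && gate "$(cat bench.log)" 0
printf 'WARN=%s PASS=%s NOTE=%s INFO=%s\n' \
    "$(count_status WARN "$SAMPLE_REPORT")" "$(count_status PASS "$SAMPLE_REPORT")" \
    "$(count_status NOTE "$SAMPLE_REPORT")" "$(count_status INFO "$SAMPLE_REPORT")"
if gate "$SAMPLE_REPORT" 0; then
    echo "gate: no WARN results"
else
    echo "gate: WARN budget exceeded by these checks:"
    warn_ids "$SAMPLE_REPORT"
fi
```

Start with a budget equal to the current WARN count so the job turns red only on regressions, then ratchet it down as controls are fixed. Counting only "[WARN] <id>" lines matters: a single privileged container produces one top-level WARN plus one indented detail line per offending container, and counting the detail lines would make the number swing with container churn rather than with configuration.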