How to securely deploy your containers, by the author of rkhunter and auditing tool Lynis.
Many introductory talks about Docker and its container technology have been given. This attention to the subject is not surprising, given the number of people "doing DevOps" now.
With container technology being fairly new on the Linux platform, the security aspects of containers are often overlooked. While Linux containers still do not fully contain from a security point of view, we can definitely improve their security level.
In this talk, we have a look at the underlying Linux security measures, followed by the features Docker itself has to offer. The goal is to understand how we can deploy containers in a secure way. After all, Docker is no longer just a toy, and our precious data is involved.
4. Results of Research
● Limited resources
● Outdated articles
● Conflicting information
● Security not important?
Proposal: Let's fix (some of) these issues
5. Proposal
Security proposals
● Tooling to simplify Linux security → Lynis
● Articles about Docker security → Blog posts
● Provide input to (GitHub) projects → You
● Presentations → In progress
28. Capabilities
● Root user → split into roles
● Default list of allowed capabilities
● --cap-add / --cap-drop
● Combine (e.g. add all, drop a few)
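To check what a running container actually holds, the following added example (not from the slides) decodes the CapEff bitmask from /proc/<pid>/status and reports the --cap-add / --cap-drop flags that separate it from the default list. It assumes Docker's documented default capability set and the bit numbering from linux/capability.h; the function names are hypothetical.

```python
# Capability names indexed by bit number (linux/capability.h).
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

# Assumption: Docker's documented default capability set (not listed on the slide).
DOCKER_DEFAULT = {
    "CHOWN", "DAC_OVERRIDE", "FSETID", "FOWNER", "MKNOD", "NET_RAW", "SETGID",
    "SETUID", "SETFCAP", "SETPCAP", "NET_BIND_SERVICE", "SYS_CHROOT", "KILL",
    "AUDIT_WRITE",
}


def decode_mask(hex_mask):
    """Turn a CapEff/CapPrm/CapBnd hex string into a set of capability names."""
    mask = int(hex_mask, 16)
    if mask >> len(CAP_NAMES):
        raise ValueError("mask has bits newer than this capability table")
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}


def flags_relative_to_default(hex_mask):
    """docker run flags that turn the default set into the observed set."""
    caps = decode_mask(hex_mask)
    added = sorted(caps - DOCKER_DEFAULT)
    dropped = sorted(DOCKER_DEFAULT - caps)
    return ["--cap-add=" + c for c in added] + ["--cap-drop=" + c for c in dropped]


def read_capeff(status_text):
    """Extract the CapEff value from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return line.split()[1]
    raise ValueError("no CapEff line found")


if __name__ == "__main__":
    # Constructed sample: status lines for PID 1 in a container with default caps.
    sample = "Name:\tsh\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
    print(flags_relative_to_default(read_capeff(sample)) or "default set")
```

An empty result means the container runs with exactly the default list; any --cap-add entry in the output is a capability worth justifying.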