The Opportunity For Hardening Docker Containers – Enterprise Security Weekly #53 | SC Media
Container security, Cloud security

July 13, 2017

If you are a security professional who has not taken the plunge into Docker, this segment is for you! Paul highlights some of the configuration options available for Docker containers and how you can apply them to both your operating system and application hardening strategies.  
############################################################
# Dockerfile to build Nginx Installed Containers
# Based on Debian
############################################################

# Set the base image to Debian
FROM debian:jessie

# File Author / Maintainer
MAINTAINER Paul Asadoorian

# Update the repository
RUN apt-get update

# Install necessary tools
RUN apt-get -q install -y wget net-tools vim supervisor

## Install nginx
RUN echo "INFO: Installing nginx..."
# install nginx, whatever is in Debian will work just fine
RUN apt-get -q install -y nginx

# copy over configs, restart
ADD ./config/nginx/default /etc/nginx/sites-enabled/
ADD ./config/nginx/myconfig /etc/nginx/sites-enabled/
ADD ./config/nginx/key.* /etc/ssl/

# Expose ports
EXPOSE 80
EXPOSE 8080
EXPOSE 443

# Make sure the packaged nginx service is stopped
RUN service nginx stop

# Custom Supervisord config
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

# Set the default command to execute
# when creating a new container
CMD ["/usr/bin/supervisord"]
 
docker run --name nginx --net=macvlan_bridge --ip=10.10.1.2 --mac-address 00:50:56:xx:xx:xx --privileged=true -p 80:80 -p 8080:8080 -p 443:443 --link myappcontainer -v /storage/docker/uploads:/uploads -t -d nginx:ver1
docker network connect --ip 10.1.1.10 myapp_nw nginx
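
An added example, not from the show or its notes: a small Python check that parses a `docker run` command line and reports options that work against container hardening, applied to the first command above. The finding labels, the `VALUE_OPTS` subset and `HARDENED_CMD` are assumptions made for illustration; `HARDENED_CMD` is constructed to exercise the check and has not been verified to start this image.

```python
import shlex
# The first `docker run` command from the show notes above, copied verbatim.
PAGE_CMD = ("docker run --name nginx --net=macvlan_bridge --ip=10.10.1.2 "
            "--mac-address 00:50:56:xx:xx:xx --privileged=true -p 80:80 "
            "-p 8080:8080 -p 443:443 --link myappcontainer "
            "-v /storage/docker/uploads:/uploads -t -d nginx:ver1")
# Constructed for this example (assumption): exercises the check only.
HARDENED_CMD = ("docker run --name nginx --cap-drop ALL --cap-add NET_BIND_SERVICE "
                "--read-only --security-opt no-new-privileges -p 443:443 "
                "-v /storage/docker/uploads:/uploads:ro -d nginx:ver1")
# Options that take the next token as their value when written without '=' (subset).
VALUE_OPTS = {"--name", "--net", "--ip", "--mac-address", "-p", "--link",
              "-v", "--volume", "--cap-drop", "--cap-add", "--security-opt"}

def parse_run(cmd):
    """Split a `docker run` line into ({flag: [values]}, image)."""
    toks = shlex.split(cmd)
    if toks[:2] != ["docker", "run"]:
        raise ValueError("not a docker run command")
    opts, i = {}, 2
    while i < len(toks) and toks[i].startswith("-"):
        flag, sep, val = toks[i].partition("=")
        if not sep and flag in VALUE_OPTS and i + 1 < len(toks):
            i += 1
            val = toks[i]
        opts.setdefault(flag, []).append(val)
        i += 1
    return opts, (toks[i] if i < len(toks) else None)

def audit(cmd):
    """Return hardening findings for one `docker run` command line."""
    opts, _ = parse_run(cmd)
    findings = []
    if opts.get("--privileged", ["false"])[-1].lower() in ("", "true"):
        findings.append("privileged")  # all capabilities plus host devices
    if "ALL" not in (v.upper() for v in opts.get("--cap-drop", [])):
        findings.append("caps-not-dropped")
    if "--read-only" not in opts:
        findings.append("rootfs-writable")
    nnp = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}
    if not nnp & set(opts.get("--security-opt", [])):
        findings.append("no-new-privileges-missing")
    for spec in opts.get("-v", []) + opts.get("--volume", []):
        parts = spec.split(":")
        if "ro" not in (parts[2].split(",") if len(parts) > 2 else []):
            findings.append("writable-mount:" + spec)
    if "--link" in opts:
        findings.append("legacy-link")  # --link is a legacy Docker feature
    return findings
```

Calling `audit(PAGE_CMD)` lists six findings for the command as published, starting with `privileged`; `audit(HARDENED_CMD)` returns an empty list.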
Full Show Notes
Visit http://secweekly2.wpengine.com/esw for all the latest episodes!
Audio: http://traffic.libsyn.com/eswaudio/The_Opportunity_For_Hardening_Docker_Containers_-_Enterprise_Security_Weekly_53_converted.mp3