Docker read-only socket volume

New to docker and was listening to the talk given here (relevant part from 14:40 to about 16:00). The relevant portion talks about having a read-only volume for sockets to communicate with, say, a MySQL server. The scenario he presents is that it prevents someone who’s hacked into the server from deleting the MySQL socket. […]

Restricting access to Docker container contents

Is it possible to disallow attaching to a Docker container or otherwise restrict access to the file contents of a container? The use case is distribution of a PHP app where it is not desirable to allow the user to access or modify the app’s files. If that’s not possible with Docker, are there any […]

Securing docker containers

First of all let me say that I’m starting with docker and I haven’t tried it yet. In order to do that I would like to know if there is a way where I can prevent users from seeing docker containers’ file system (I presume the containers’ FS is located on plain files under the host […]

Controlling access to multiple Docker containers on the same host

I’ve been tasked with setting up multiple isolated, client-specific instances of a web application on a single Amazon EC2 instance using Docker. The base application is fundamentally the same for each instance, but has been customized for each client. The goal is as follows: 1) Each container would be secured and “sandboxed” such that no […]

Docker for a one shot CLI application

Since I first knew of Docker, I thought it might be the solution for several problems we are usually facing at the lab. I work as a Data Analyst for a small Biology research group. I am using Snakemake for defining the (usually big and quite complex) workflows for our analyses. From Snakemake, I usually […]

Is Volume in Docker a security hole?

If we expose a host directory using ‘volume’ in a docker container, I am wondering whether that is considered a security back door.

mount root FS read only with docker-compose

I try to apply the docker CIS (https://github.com/docker/docker-bench-security). The test 5.13 is: “Mount container’s root filesystem as read only”. There is an option for docker run to mount the root FS read only: --read-only=true. But I can’t find the possibility to achieve the same with docker-compose. Is there a possibility to mount the root FS […]

internal infrastructure with docker

I’ve a small company network with the following services/servers: jenkins, stash (atlassian), confluence (atlassian), ldap, owncloud, zabbix (monitoring), puppet and some java-web-apps, all running in separate kvm(libvirt)-vms in separate virtual subnets on 2 machines (1 internal, 1 hetzner-rootserver) with shorewall in between. I’m thinking about switching to docker. But there are 2 questions to me: how can I achieve […]

Owasp ZAP not performing authentication during active scan using “Form-Based-Authentication” ON python project

I am facing a roadblock on OWASP ZAP form-based authentication. I set up ZAP properly as per guidance. When I run an active scan, when it attempts to log in it gives a FORBIDDEN error: CSRF token not available. Owasp ZAP not performing authentication during active scan using “Form-Based-Authentication” ON python project. [ My target url is: http://example.com:84/admin/login/?next=/admin/ […]

Docker Host Security – Can container run dangerous code or change host from inside of a container?

Let’s say I pull a new image from a hub repository and run it without looking at the contents of the dockerfile. Can the container or image affect my host in any way possible? Please let me know because I will be running a list of images from user-inputted image names on my […]

