Tag: security

How to hide an SSH key in a Docker image without leaving a trace?

If I add my private SSH key to my Docker image, how can I hide it without leaving a trace, so no one (except me) can access it?

Multiple Docker images filesystem scan

I’m trying to identify the most efficient and quickest way to scan multiple Docker images in my environment to determine if specific directory structures exist with each image. Obviously I can exec into each image on an individual basis and manually check but I’m looking to automate this process. I cannot think of a way […]

Does my proxied server need to use HTTPS protocol with docker linking?

I am running several docker containers for a very small web app: nginx, node, and redis. These containers are all linked together using the legacy methods (not a network) with the pattern nginx --proxies-> node --uses-> redis. My nginx proxy is set up to use HTTPS but my node server (using hapi.js) is not. Is […]

Getting docker pull to default pull from a private registry?

So when you docker pull an image, it by default looks to the Docker Hub registry to find the image. Is there any way that I can make it so when I docker pull, it by default looks into my private registry?

Docker security isolation: what does it mean exactly?

Most of the doubt/risk concerning docker I can read on the internet concerns the potential isolation security. On the docker documentation, I understand there are two things to take care of: The docker daemon needs root itself. This means that anyone with access to the daemon could potentially mess with the whole system. While I […]

Docker Server for Multiple Users

I am planning on installing Linux on a high end PC with a GPU in my lab, with the intention of allowing students and other researchers to run Docker containers when they need a bit of extra performance. I do not want each of these users to have root access (which, as far as I […]

Using SSH Hadoop inside docker container with non-privileged user

I try to create a Docker Image running the “Hadoop Distributed File System” as a non-privileged user. But I fail so far to build such an image. In general it is recommended to use non-privileged users inside a docker container. Normally I do this by creating a new user in my dockerfile like this: RUN […]

What are the security and performance constraints of using docker containers in a RESTful API in order to execute untrusted code?

I am developing a set of RESTful APIs for providing some data analytics. When calling the API, the client will also be able to pass script functions as additional parameters (and the functions will be executed during the analytics pipeline). The data itself will be retrieved from various sources such as Amazon S3, The client’s […]

Which capabilities can I drop in a Docker Nginx container?

I’m running Nginx in a Docker container, and I would like to drop as many Linux capabilities as possible, for security reasons. Which capabilities can I then drop? The image is similar to the standard Docker Nginx Alpine image here: https://github.com/nginxinc/docker-nginx/blob/0c7611139f2ce7c5a6b1febbfd5b436c8c7d2d53/mainline/alpine/Dockerfile, which starts Nginx as root, and then runs the worker process as user ‘nginx’, […]

Docker seccomp not working on Kali

I’m investigating kernel security using Docker. I’m testing seccomp and it works very well on Debian and Ubuntu, but it’s not working on Kali Linux. Example: I created a simple json file called sec.json with this content: { "defaultAction": "SCMP_ACT_ALLOW", "syscalls": [ { "name": "mkdir", "action": "SCMP_ACT_ERRNO" } ] } It’s supposed that running […]
