4. Docker Bench for Security
by Scott Gallagher, Allan Espinosa, Russ McKendrick, Santosh Kumar Konduri, Vaibhav
Docker: Creating Structured Containers
- Docker
- Table of Contents
- Docker
- Meet Your Course Guide
- 1. Course Module 1: Learning Docker
- 1. Getting Started with Docker
- An introduction to Docker
- Docker on Linux
- Differentiating between containerization and virtualization
- Docker networking/linking
- Installing Docker
- Downloading the first Docker image
- Running the first Docker container
- Running a Docker container on Amazon Web Services
- Troubleshooting
- 2. Up and Running
- Docker terminologies
- Docker commands
- The daemon command
- The version command
- The info command
- The run command
- The search command
- The pull command
- The start command
- The stop command
- The restart command
- The rm command
- The ps command
- The logs command
- The inspect command
- The top command
- The attach command
- The kill command
- The cp command
- The port command
- Running your own project
- Dockerfile
- 3. Container Image Storage
- 4. Working with Docker containers and images
- 5. Publishing Images
- 6. Running Your Private Docker Infrastructure
- 7. Running Services in a Container
- 8. Sharing Data with Containers
- 9. Docker Machine
- 10. Docker Compose
- 11. Docker Swarm
- 12. Testing with Docker
- 13. Debugging Containers
- 1. Getting Started with Docker
- 2. Course Module 2: Networking Docker
- 1. Docker Networking Primer
- 2. Docker Networking Internals
- 3. Building Your First Docker Network
- 4. Networking in a Docker Cluster
- 5. Next Generation Networking Stack for Docker – libnetwork
- 3. Course Module 3: Monitoring Docker
- 1. Introduction to Docker Monitoring
- 2. Using the Built-in Tools
- 3. Advanced Container Resource Analysis
- 4. A Traditional Approach to Monitoring Containers
- 5. Querying with Sysdig
- 6. Exploring Third Party Options
- 7. Collecting Application Logs from within the Container
- 8. What Are the Next Steps?
- 4. Course Module 4: Securing Docker
- 1. Securing Docker Hosts
- 2. Securing Docker Components
- 3. Securing and Hardening Linux Kernels
- 4. Docker Bench for Security
- Docker security – best practices
- Docker – best practices
- CIS guide
- The Docker Bench Security application
- Running the tool
- Understanding the output
- Understanding the output – host configuration
- Understanding the output – the Docker daemon configuration
- Understanding the output – the Docker daemon configuration files
- Understanding the output – container images and build files
- Understanding the output – container runtime
- Understanding the output – Docker security operations
- 5. Monitoring and Reporting Docker Security Incidents
- 6. Using Docker's Built-in Security Features
- 7. Securing Docker with Third-Party Tools
- 8. Keeping up Security
- 5. Course Module 5: Mastering Docker
- 1. Docker in Production
- 2. Shipyard
- 3. Panamax
- 4. Tutum
- 5. Advanced Docker
- A. Reflect and Test Yourself! Answers
- Module 1: Learning Docker
- Chapter 1: Getting Started with Docker
- Chapter 6: Running Your Private Docker Infrastructure
- Chapter 7: Running Services In a Container
- Chapter 8: Sharing Data with Containers
- Chapter 9: Docker Machine
- Chapter 10: Orchestrating Docker
- Chapter 11: Docker Swarm
- Chapter 12: Testing with Docker
- Chapter 13: Debugging Containers
- Module 2: Networking Docker
- Module 3: Monitoring Docker
- Module 4: Securing Docker
- Chapter 2: Securing Docker Components
- Chapter 3: Securing and Hardening Linux Kernels
- Chapter 4, Docker Bench for Security
- Chapter 5, Monitoring and Reporting Docker Security Incidents
- Chapter 6, Using Docker's Built-in Security Features
- Chapter 7, Securing Docker with Third-party Tools
- Chapter 8, Keeping up Security
- Module 5: Mastering Docker
- Module 1: Learning Docker
- B. Bibliography
- Index
In this chapter, we will be looking at the Docker Bench for Security. This is a tool that can be utilized to scan your Docker environments, start the host level and inspect all the aspects of this host, inspect the Docker daemon and its configuration, inspect the containers running on the Docker host, and review the Docker security operations and give you recommendations across the board of a threat or concern that you might want to look at in order to address it. In this chapter, we will be looking at the following items:
- Docker security – best practices
- Docker – best practices
- Center for Internet Security (CIS) guide
- Host configuration
- Docker daemon configuration
- Docker daemon configuration files
- Container images/runtime
- Docker security operations
- The Docker Bench Security application
- Running the tool
- Understanding the output
In this section, we will take a look at the best practices when it comes to Docker as well as the CIS guide to properly secure all the aspects of your Docker environment. You will be referring to this guide when you actually run the scan (in the next section of this chapter) and get results of what needs to or should be fixed. The guide is broken down into the following sections:
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.