github
/
developer-roadmap
mirror of https://github.com/kamranahmedse/developer-roadmap.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Roadmap to becoming a developer in 2022
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3136 Commits
207 Branches
4 Tags
441 MiB
 
 
 
 
 
Tag: Branch: Tree: 2ee81e6ff3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2ee81e6ff3'
${ noResults }
developer-roadmap/src/data/roadmaps/docker/content/109-container-security/101-runtime-security.md

2.6 KiB
Raw Blame History

Runtime Security

Runtime security focuses on ensuring the security of Docker containers while they are running in production. This is a critical aspect of container security, as threats may arrive or be discovered after your containers have been deployed. Proper runtime security measures help to minimize the damage that can be done if a vulnerability is exploited.

Least Privilege Principle

Ensure that your containers follow the principle of least privilege, meaning they should only have the minimum permissions necessary to perform their intended functions. This can help to limit the potential damage if a container is compromised.

  • Run your containers as a non-root user whenever possible.
  • Avoid running privileged containers, which have access to all of the host's resources.
  • Use Linux capabilities to strip away unnecessary permissions from your containers.

Read-only Filesystems

By setting your containers' filesystems to read-only, you can prevent attackers from modifying critical files or planting malware inside your containers.

  • Use the --read-only flag when starting your containers to make their filesystems read-only.
  • Implement volume mounts or tmpfs mounts for locations that require write access.

Security Scanning and Monitoring

Ensure that your containers are regularly scanned for vulnerabilities, both in the images themselves and in the runtime environment.

  • Use container scanning tools to detect and patch vulnerabilities in your images.
  • Implement runtime monitoring to detect and respond to security events, such as unauthorized access attempts or unexpected process launches.

Resource Isolation

Isolate your containers' resources, such as CPU, memory, and network, to prevent a single compromised container from affecting other containers or the host system.

  • Use Docker's built-in resource constraints to limit the resources your containers can consume.
  • Use network segmentation and firewalls to isolate your containers and limit their communication.

Audit Logs

Maintain audit logs of container activity to help with incident response, troubleshooting, and compliance.

  • Use Docker's logging capabilities to capture container logs, outputting them to a centralized logging solution.
  • Implement log analysis tools to monitor for suspicious activity and automatically alert if a potential incident is detected.

By focusing on runtime security, you can help ensure that your Docker containers continue to be secure even after they have been deployed in your environment. Aim to minimize the potential attack surface and continuously monitor for threats to help protect your critical applications and data.