imthenachoman
commented
5 years ago How? Docker sits on top of the OS. You need to secure the OS first.
Closed dsseng closed 3 years ago
imthenachoman
commented
5 years ago How? Docker sits on top of the OS. You need to secure the OS first.
ShiromMakkad
commented
4 years ago It would be nice to know about any security risks about using Docker. Is something like Fail2Ban as effective when your services containerized? Is it able to read logs inside the containers? I don't know.
imthenachoman
commented
4 years ago I have only just started using Docker which is why this guide doesn't speak to it. I will update it once I know more.
But Fail2Ban can only monitor for what you tell it. You can, in theory, configure Fail2Ban to read logs inside the containers and ban appropriately.
elesiuta
commented
3 years ago Somewhat related, I recently put together some notes for myself for using LXD, and seems like it is pretty easy to use LXD to secure a Docker setup, since LXD uses AppArmor by default (or forgo docker altogether for LXD).
Edit: came back and realized my comment got a bit off topic so I moved it into a new issue: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server/issues/59
elesiuta
commented
3 years ago I came across a few services probably worth mentioning that offer an easy to setup and secure method of remotely accessing services in your docker containers as an alternative to a VPN or SSH tunnel.
https://github.com/authelia/authelia https://github.com/keycloak/keycloak https://github.com/pomerium/pomerium
imthenachoman
commented
3 years ago This is great. Thanks! I think it probably makes sense for Docker to have its own write-up that is independent of the base OS.
Using Docker can help you secure apps and server