Head First DevSecOps
Security best practices
- Execution with non-root user
- Start containers in read-only mode
- Disable the setuid and setgid permissions
- Verifying images with Docker Content Trust
- Resource limitation
- Disabling ping command in a container
Security related modules
- AppArmor allows you to regulate the permissions and filesystem access of containers
- SELinux provides a system of rules that allows you to implement access controls to kernel resources
- Secure Computing Mode (Seccomp) monitors kernel system calls
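One way to check a running container against the practices and modules listed above, as an added example that is not from the original page: a small audit over `docker inspect` JSON. It assumes that "disable setuid and setgid" means dropping the SETUID and SETGID capabilities and that "disabling ping" means dropping NET_RAW; the sample data and the `audit` helper are constructed for illustration, and Docker Content Trust is a client-side setting that does not appear in inspect output.

```python
import json

# Constructed, trimmed `docker inspect` output for two hypothetical containers.
# "/hardened" corresponds to a run like this (IMAGE is a placeholder):
#   DOCKER_CONTENT_TRUST=1 docker run --user 1000:1000 --read-only \
#     --cap-drop SETUID --cap-drop SETGID --cap-drop NET_RAW \
#     --memory 256m --cpus 0.5 IMAGE
SAMPLE = json.loads("""[
 {"Name": "/hardened", "Config": {"User": "1000:1000"},
  "HostConfig": {"ReadonlyRootfs": true, "CapAdd": null,
                 "CapDrop": ["SETUID", "SETGID", "NET_RAW"],
                 "Memory": 268435456, "NanoCpus": 500000000, "SecurityOpt": null}},
 {"Name": "/default", "Config": {"User": ""},
  "HostConfig": {"ReadonlyRootfs": false, "CapAdd": null, "CapDrop": null,
                 "Memory": 0, "NanoCpus": 0, "SecurityOpt": ["seccomp=unconfined"]}}
]""")

def _caps(values):
    """Normalize capability names, e.g. 'cap_net_raw' -> 'NET_RAW'."""
    return {v.upper().removeprefix("CAP_") for v in values or []}

def audit(container):
    """Return a list of findings for one `docker inspect` entry."""
    cfg, host = container.get("Config", {}), container.get("HostConfig", {})
    findings = []
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    added, dropped = _caps(host.get("CapAdd")), _caps(host.get("CapDrop"))
    for cap in ("SETUID", "SETGID", "NET_RAW"):
        # Retained if re-added, or if neither it nor ALL was dropped.
        if cap in added or not ({cap, "ALL"} & dropped):
            findings.append(f"capability {cap} not dropped")
    if not host.get("Memory"):
        findings.append("no memory limit")
    if not (host.get("NanoCpus") or host.get("CpuQuota")):
        findings.append("no CPU limit")
    for opt in host.get("SecurityOpt") or []:
        key, _, value = opt.replace(":", "=", 1).partition("=")
        if value == "unconfined" or (key, value) == ("label", "disable"):
            findings.append(f"{key} confinement disabled ({opt})")
    return findings

if __name__ == "__main__":
    for c in SAMPLE:
        print(c["Name"], audit(c) or "OK")
```

To audit a real host, replace `SAMPLE` with the parsed output of `docker inspect $(docker ps -q)`.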