Business, Development, Programming

Understanding Docker Syslog Systems and Container Security

dockercon2019

Businesses IT teams must set up multiple containers, and in doing so, they open themselves up to security risks. Whether you want to set up a WordPress container or a Docker syslog server, you have to be careful when creating and deploying any type of event repository. While this is incredibly efficient, this world of never-ending data breaches demands that businesses keep an eye on security. There are a few things that you can do ensure your servers remain more secure.

Pick Safe Third-Party Containers

Docker allows you to pull down multiple containers from different public repositories. Do you know who created the container? If not, do you really trust this third party? You may not be using a container that was created securely, which means that it could be susceptible to malware and other corrupt files.

In this case, you should sign up for Docker Hub’s pain package. This is a service that ensures your repository has been scanned and does not have any corrupt or malicious files. For example, you may want to set up a WordPress container. To do this, you probably use a command sudo search for WordPress to find any irregular files or images on the server.

Set Up Content Trust

docker-tip-53-difference-between-a-registry-repository-and-image
Docker Tip #53: Difference between a Registry, Repository and Image

If you do have a third-party image on your server that you’re not sure about, then as of the Docker 1.8 update, you can count on Content Trust. You can now verify authenticity, publication date, and integrity of all the images that are also on the Docker Hub Registry. However, you have to enable this feature to check your images. Once you enable it, Docker won’t be able to pull down images that haven’t been signed and verified by the registry.

You can enable this feature by inputting the following command:

  • sudo export DOCKER_CONTENT_TRUST=1

Docker will now inform you if you try to pull down any image that is not verified.

Containers Need Resource Limits

Containers Need Resource Limits docker
Docker Container Resource Management: CPU, RAM and IO, Part 1

In addition to image verification, you may also worry about containers that suddenly start to use up all of your host resources. If this happens, you may frantically try to cut off your server. However, you can actually prevent this problem before it even occurs by setting resource limits to individual containers. If you want to limit a container to 2GB of memory, then you can add this command option: –memory=”2000M”. You can also restrict the number of CPUs with another command: –cpus=2 (or whatever number you wish to limit the CPUs to).

Try a Free Third-Party Security Option

There are a few purpose-built security resources exclusively for Docker. You can use a tool like Twistlock, which offers a Docker security resource that has a seamless CI integration, security controls, and extensive API support. There is a free version and enterprise edition. If you need unlimited repositories, images, hosts, and 24/7 support with automated policy creation and proprietary feeds for possible security breaches, then the enterprise is the best option.

Docker offers amazing resources for those who want to secure their business and monitor their system logs with ease. You can also look at the Docker Security documentation to see how you can use other tools like Docker Bench Security.

You Might Also Like