Docker Inc have worked with the Center for Internet Security (CIS) to produce a benchmark document [pdf] containing numerous recommendations for the security of Docker deployments. The benchmark was announced in a blog post ‘Understanding Docker Security and Best Practices’ by Diogo Mónica who was recently hired along with Nathan McCauley to lead the Docker Security team. The team have also released an ‘Introduction to Container Security’ [pdf] white paper.
The benchmark document covers configuration of the host running Docker, configuration of Docker itself, and configuration of containers running under the management of Docker. It addresses Docker 1.6.0, which is the latest version at the time of writing, and is based on Red Hat Enterprise Linux (RHEL) version 7 or Debian version 8 as the host operating system (OS). A checkbox table for each recommendation is in an appendix to the benchmark.
comments (0)
Leave a reply