Securing Docker

Book Description

Learn how to secure your Docker environment and keep your environments secure irrespective of the threats out there

About This Book

  • Gain confidence in using Docker for containerization without compromising on security

  • This book covers different techniques to help you develop your container security skills

  • It is loaded with practical examples and real-world scenarios to secure your container-based applications

Who This Book Is For

This book is for developers who wish to use Docker as their testing platform as well as security professionals who are interested in securing Docker containers. You must be familiar with the basics of Docker.

What You Will Learn

  • Find out how to secure your Docker hosts and nodes

  • Secure your Docker components

  • Explore different security measures/methods for Linux kernels

  • Install and run the Docker Bench security application

  • Monitor and report security issues

  • Familiarize yourself with third-party tools such as Traffic Authorization, Summon, sVirt, and SELinux to secure your Docker environment

In Detail

With the rising integration and adoption of Docker containers, there is a growing need to ensure their security.

The purpose of this book is to provide techniques and enhance your skills to secure Docker containers easily and efficiently. The book starts by sharing the techniques to configure Docker components securely and explore the different security measures/methods one can use to secure the kernel.

Furthermore, we will cover the best practices to report Docker security findings and will show you how you can safely report any security findings you come across. Toward the end, we list the internal and third-party tools that can help you immunize your Docker environment.

By the end of this book, you will have a complete understanding of Docker security so you are able to protect your container-based applications.

Style and approach

This book is your one-stop solution to resolve all your Docker security concerns. It will familiarize you with techniques to safeguard your applications that run on Docker containers.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the code file.

Table of Contents

    1. Securing Docker
      1. Table of Contents
      2. Securing Docker
      3. Credits
      4. About the Author
      5. About the Reviewer
        1. eBooks, discount offers, and more
          1. Why subscribe?
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
          1. Reader feedback
          2. Customer support
          3. Errata
          4. Piracy
          5. Questions
      8. 1. Securing Docker Hosts
        1. Docker host overview
        2. Discussing Docker host
        3. Virtualization and isolation
        4. Attack surface of Docker daemon
          1. Protecting the Docker daemon
        5. Securing Docker hosts
        6. Docker Machine
        7. SELinux and AppArmor
        8. Auto-patching hosts
        9. Summary
      9. 2. Securing Docker Components
        1. Docker Content Trust
          1. Docker Content Trust components
          2. Signing images
          3. Hardware signing
        2. Docker Subscription
        3. Docker Trusted Registry
          1. Installation
          2. Securing Docker Trusted Registry
          3. Administering
          4. Workflow
        4. Docker Registry
          1. Installation
          2. Configuration and security
        5. Summary
      10. 3. Securing and Hardening Linux Kernels
        1. Linux kernel hardening guides
          1. SANS hardening guide deep dive
          2. Access controls
          3. Distribution focused
        2. Linux kernel hardening tools
          1. Grsecurity
          2. Lynis
        3. Summary
      11. 4. Docker Bench for Security
        1. Docker security – best practices
        2. Docker – best practices
        3. CIS guide
          1. Host configuration
          2. Docker daemon configuration
          3. Docker daemon configuration files
          4. Container images/runtime
          5. Docker security operations
        4. The Docker Bench Security application
          1. Running the tool
            1. Running the tool – host configuration
            2. Running the tool – Docker daemon configuration
            3. Running the tool – Docker daemon configuration files
            4. Running the tool – container images and build files
            5. Running the tool – container runtime
            6. Running the tool – Docker security operations
          2. Understanding the output
            1. Understanding the output – host configuration
            2. Understanding the output – the Docker daemon configuration
            3. Understanding the output – the Docker daemon configuration files
            4. Understanding the output – container images and build files
            5. Understanding the output – container runtime
            6. Understanding the output – Docker security operations
        5. Summary
      12. 5. Monitoring and Reporting Docker Security Incidents
        1. Docker security monitoring
        2. Docker CVE
        3. Mailing lists
        4. Docker security reporting
          1. Responsible disclosure
          2. Security reporting
        5. Additional Docker security resources
          1. Docker Notary
          2. Hardware signing
          3. Reading materials
          4. Awesome Docker
        6. Summary
      13. 6. Using Docker's Built-in Security Features
        1. Docker tools
          1. Using TLS
          2. Read-only containers
        2. Docker security fundamentals
          1. Kernel namespaces
          2. Control groups
          3. Linux kernel capabilities
        3. Containers versus virtual machines
        4. Summary
      14. 7. Securing Docker with Third-party Tools
        1. Third-party tools
          1. Traffic Authorization
          2. Summon
          3. sVirt and SELinux
        2. Other third-party tools
          1. dockersh
          2. DockerUI
          3. Shipyard
          4. Logspout
        3. Summary
      15. 8. Keeping up Security
        1. Keeping up with security
          1. E-mail list options
            1. The two e-mail lists are as follows:
          2. GitHub issues
          3. IRC rooms
          4. CVE websites
        2. Other areas of interest
        3. Summary
      16. Index