What security concerns should I have with Docker? How should I go about locking it down? #17
Security recommendations for Docker on Linux servers, in order of priority.
First, research and learn
Then consider each of these a project to implement. Easier ones at top:
For questions about "is docker secure" (what does that even mean, nothing is perfectly secure unless it's turned off and removed from the internet):
Realize that a default Docker install on Linux doesn't open ports to expose Docker remotely. This is a good thing. Even Swarm Mode only opens ports for cluster communications and requires mutual TLS auth in all cases. In version 18.09 we can even remotely control Docker Engine through SSH, preventing 90% of the reasons for exposing TCP ports for remote management in the first place, which is very exciting.
The headlines we see about container security concerns largely revolve around two things:
This goes back to the same things I'm saying above:
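An added example, not part of the original post: a check for the point above that a default install exposes no remote Docker port. It reads a `daemon.json` and a `dockerd` command line and reports any `tcp://` listener, marking whether `tlsverify` is on. The function name and the sample inputs are constructed for illustration.

```python
import json
import shlex

# Constructed sample inputs (not taken from any real host).
DEFAULT_CMDLINE = "/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock"
EXPOSED_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_CMDLINE = "dockerd --tlsverify -H tcp://0.0.0.0:2376"


def exposed_docker_listeners(daemon_json_text="", dockerd_cmdline=""):
    """Return [(listener, status)] for every tcp:// listener configured.

    status is "unauthenticated" when tlsverify is off (anyone who can reach
    the port controls the engine) and "mutual-tls" when it is on.
    unix:// and fd:// sockets are local only and are not reported.
    """
    cfg = json.loads(daemon_json_text or "{}")
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))

    # Merge listeners and the TLS flag given on the dockerd command line.
    args = shlex.split(dockerd_cmdline)
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 1
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1

    status = "mutual-tls" if tlsverify else "unauthenticated"
    return [(h, status) for h in hosts if h.startswith("tcp://")]


if __name__ == "__main__":
    print(exposed_docker_listeners("", DEFAULT_CMDLINE))
    print(exposed_docker_listeners(EXPOSED_JSON))
    print(exposed_docker_listeners("", TLS_CMDLINE))
```

An empty result corresponds to the default state described above; for remote management without any TCP listener, the Docker CLI from 18.09 on accepts an `ssh://` address in `DOCKER_HOST` or `-H`.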