2

I am new to Docker, so please keep that in mind.

The old way:

  1. Create cloud instance
  2. Add Ubuntu OS
  3. Provision / harden Linux via Chef
  4. Develop app locally
  5. Deploy via Capistrano or some other deployment tool

The Docker way:

  1. Create cloud instance
  2. Add Ubuntu OS
  3. ???

Do I harden Linux first and then save it to a Docker image? Or do I create a Docker container and then harden it?

dawud
csi

1 Answer

1

I'd say that both apply. Divide the hardening process into two steps:

  • A baseline, common hardening that all images should enforce regardless of their final use.

  • Specific configuration targeting an application (a database, a web server, ...)

Create a hardened image from your OS of choice and use a local registry to store it.

You can have Dockerfiles targeting specific applications that build FROM the hardened image and apply further restrictions if needed.

dawud
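One way to enforce the layering described in the answer above, as an added example that is not part of the original answer: a check that the final stage of an application Dockerfile builds FROM the hardened base in the local registry. The registry host `registry.local:5000`, the image name `base/ubuntu-hardened` and the sample Dockerfiles are constructed assumptions.

```python
import re

# Assumed name of the hardened baseline image in the local registry (hypothetical).
APPROVED_BASE = "registry.local:5000/base/ubuntu-hardened"

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)

def final_base_image(dockerfile_text):
    """Return the external image the last build stage ultimately derives from."""
    stages = {}  # stage alias (lower-cased) -> external image it resolves to
    last = None
    for line in dockerfile_text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        image = m.group("image")
        # "FROM builder" names an earlier stage; follow it back to its real base.
        resolved = stages.get(image.lower(), image)
        if m.group("alias"):
            stages[m.group("alias").lower()] = resolved
        last = resolved
    return last

def uses_hardened_base(dockerfile_text):
    """True only if the shipped (final) stage derives from APPROVED_BASE."""
    image = final_base_image(dockerfile_text)
    if image is None or "$" in image:
        # No FROM at all, or a build-arg base that --build-arg can swap out.
        return False
    # Drop any @digest, then drop the :tag from the last path component.
    repo, _, tail = image.split("@", 1)[0].rpartition("/")
    return f"{repo}/{tail.split(':', 1)[0]}" == APPROVED_BASE

# Constructed sample Dockerfiles (not from the page).
GOOD = """\
FROM golang:1.22 AS build
RUN go build -o /app ./...
FROM registry.local:5000/base/ubuntu-hardened:1.0
COPY --from=build /app /usr/local/bin/app
"""
BAD_ALIAS = "FROM ubuntu:22.04 AS hardened\nFROM hardened\n"
BAD_ARG = "ARG BASE=registry.local:5000/base/ubuntu-hardened:1.0\nFROM ${BASE}\n"

if __name__ == "__main__":
    for name, text in [("GOOD", GOOD), ("BAD_ALIAS", BAD_ALIAS), ("BAD_ARG", BAD_ARG)]:
        print(name, final_base_image(text), uses_hardened_base(text))
```

Only the final stage is checked because earlier stages of a multi-stage build are not part of the image that ships.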