HackerSploit Docker Security Essentials
Written by Nikos Vaggalis   
Tuesday, 10 August 2021

Docker has certainly become one of the most important parts of business infrastructure. Equally important is the question on how to secure it.This HackerSploit course, made in cooperation with Linode, has the answer.

The HackerSploit: Docker Security Series aims to provide developers, system administrators and DevOps engineers the necessary skills to be able to audit, secure and manage Docker in the context of an organization or in their own personal projects.

Available as an on demand event, it comes in two parts which in order to be watched require a simple registration with Name and email. However Part 1 is already available as a YouTube playlist without any restrictions. It comprises 4 chapters and lasts for 2 hours and 40 minutes and also  has an extra, almost hour-long introductory video that is not part of the registered event!

Chapter 1: Auditing Docker Security

  • An overview of the Docker platform
  • Common security issues and pitfalls
  • Docker security benchmarks and CVE's
  • Auditing the Docker platform with docker-bench-security

Chapter 2: Securing the Docker Host

  • Minimal operating systems
  • Auditing the Host security with Lynis
  • Securing and hardening the host OS
  • Setting up audit rules

Chapter 3: Securing the Docker Daemon

  • Managing access to the Docker daemon
  • Implementing TLS encryption
  • Implementing User Namespaces
  • Disabling inter container communications (icc)

Chapter 4: Securing & Hardening Docker Containers

  • Run containers with unprivileged users
  • Disable the root user
  • Prevent privilege escalation
  • Limit container capabilities

Part 2 is more in depth and technical and looks into securing the Docker daemon, using Jails and implementing access control. It is currently only available on demand and requires registration. It comprises 5 chapters and lasts for 2 hours and 13 minutes:

Chapter 1: Controlling Container Resource Consumption With Control Groups

  • Understanding control groups (cgroups)
  • Controlling container resources consumption

Chapter 2: Implementing Access Control For Containers With App Armor

  • Access control explained
  • Types of access control
  • Introduction to AppArmor
  • Creating and using custom AppArmor profiles

Chapter 3: Limiting Container System Calls With Seccomp

  • Seccomp
  • The process of creating and implementing custom seccomp profiles

Chapter 4: Vulnerability Scanning For Docker Containers

  • Vulnerability scanning for Docker containers
  • Vulnerability scanning for trivy
  • Vulnerability scanning for clair

Chapter 5: Building Secure Docker Images

  • Scanning Docker images with Dockle
  • Identifying misconfigurations
  • Building secure Docker images

Registering is recommended as as well as gaining access to both parts you also get the opportunity to participate in live exercises on O'Reilly's Katakoda platform. While not specific to the HackerSploit series since these exercises are Docker- related.

Personally as an independent developer I've found Part 1 very useful and educational and I gained the most value out of it although I've found Part 2 still intriguing.

The important thing to realize is that the course looks at Docker not as just securing containers but as as a platform/environment.

It's a very useful Linode initiative acknowledging Docker's ever rising importance thus the need for ensuring its security.

The course is also accompanied by a freely available eBook



More Information

Linode Event

YouTube Playlist

Related Articles

The Linux Upskill Challenge

Learn Kubernetes by Example

The Cloud Native Application Architecture Nanodegree - Foundations


To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


Microsoft Launches Secure Future Initiative

Microsoft has launched the Secure Future Initiative, a focus on improving security that includes software development, new identity protections, and faster responses to vulnerabilities.

Google Resumes Transition To Manifest V3

Google has resumed the planned deprecation of Manifest V2, giving notice to Chrome extension developers that Manifest V2 extensions will be phased out as early as June 2024 in the prestable versions - [ ... ]

More News




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 10 August 2021 )