How to Securely Configure a Linux Host to Run Containers
This guide, as part of the Twistlock Container Security How-To Guides series, describes the concrete steps that you can follow to configure a Linux host to run Docker containers securely.
Key steps highlighted in this guide include:
- How to start with a minimal installation of the OS and how to selectively add the services needed to run the Linux container applications
- How to configure the host security settings to harden and protect it from unauthorized access
- How to install and configure the Docker Engine with sensible default settings that minimize the attack surface
- How to ensure that the host has the necessary integration with existing enterprise systems like SIEM and enterprise directories
Why we wrote this Twistlock Container Security guide:
Many DevOps and security professionals have asked us how to configure a secure environment to run containers. Questions such as “how do I set up my server so it can run containers efficiently and securely?”, “how do I configure my container images so they are robust and secure?”, and “how do I ensure Kubernetes is working well with my containers?” are common across many users and companies.
We do this internally: our engineering shop is entirely DevOps and container-driven. Our developers and testers need to set up Kubernetes clusters for our system, both for production and for testing. We went through the exercise of setting up servers and configuring them to run containers in a secure fashion. Similarly, we went through the exercise of developing gold images and enforcing that only those images are run on our servers.
Enjoy!