How to use Docker Bench for Security to audit your container deployments
One of the biggest issues surrounding container deployments is security, and it is a hard problem because there are so many moving parts to check. Your container manifests might be perfectly secure, but what about the host? Or the host might be sound while your YAML files are riddled with security holes.
What do you do? Spend hours (or days) combing through everything by hand to ensure those deployments are secure? You could do that. Or you could make use of the tools available to you. One such tool is Docker Bench for Security, a shell script (also shipped as a pre-built container) that audits your container host, the Docker daemon and the containers currently running on it. Unlike many such tools, Docker Bench for Security is incredibly easy to use.
Docker Bench for Security runs the checks of the CIS Docker Benchmark against your host configuration, the Docker daemon and its configuration files, container images and build files, the runtime settings of running containers, and Docker security operations.
Let me show you how this is done.
What you'll need
The only things you'll need to make this work are a running instance of Docker on your server and an account with sudo rights: the audit script reads the daemon's configuration and inspects running containers, so it is run as root. Keep in mind that membership in the docker group is equivalent to root on the host, which is itself one of the things the benchmark checks, so keep that group to trusted users.
I'll be demonstrating on Ubuntu Server 20.04, but the tool will work on any platform that supports Docker.
How to get Docker Bench
The first thing we need to do is clone the tool from GitHub. If you don't already have git installed, do so with a command like:
Clone Docker Bench with the command:
Change into the newly-created directory with the command:
How to configure the Docker daemon
Before we run the audit, we need to create a Docker daemon configuration file. If /etc/docker/daemon.json already exists on the host, add to it rather than replacing it, and keep the result valid JSON: a syntax error in this file stops dockerd from starting at all. Create the file with the command:
In that file, paste the following:
Save and close the file.
How to install and configure auditd
We now need to install auditd with the command:
When the installation completes, open the auditd rules file. Note that on Ubuntu 20.04 the persistent rules live under /etc/audit/rules.d/, and /etc/audit/audit.rules is regenerated from that directory by augenrules when the service starts, so rules written only to the generated file can be lost. Open the file with the command:
At the bottom of the file, paste the following:
Save and close the file.
Restart auditd with the command:
Finally, restart the Docker daemon so it picks up the new configuration. Unless live-restore is already enabled, restarting dockerd stops and restarts every running container, so do this in a maintenance window. Restart with the command:
How to run the audit
While in the docker-bench-security directory, launch the audit with the command:
The above command will run the audit and print one line per check, each prefixed with a result label: [INFO], [WARN], [PASS] or [NOTE].
When the audit completes, you must comb through the output and address everything listed as a WARN, at minimum (Figure A). A WARN is a failed check. INFO and NOTE lines often mark checks the script could only partly evaluate or that need a manual decision, and some of those will also need your attention.
The output you receive will depend on the configuration of your host and the containers you've deployed. However, it should be your goal to fix every WARN, at a minimum. After you address these issues, re-run the audit, and repeat until no WARN labels remain. Where a warning is an accepted risk in your environment (some hardening settings break legitimate workloads), record that decision and exclude the check on later runs with the script's -e option, so the remaining output stays actionable. The script also writes its results to log/docker-bench-security.log and a .json twin, which is convenient for comparing runs over time.
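The whole procedure above as one script, added here as an example and not the article's own commands or file contents: it installs git and auditd, clones the benchmark, writes a daemon.json and an auditd rules file, restarts both services, runs the audit into a log file and pulls the WARN lines back out of it. The daemon settings and the audit rules are this example's CIS-aligned choices, not whatever the article's files contained; the clone location, the docker.rules filename and the lines in sample_output are made up for the example. Only the --apply flag touches the host; run without it, the script just defines its functions.

```shell
#!/bin/sh
# Added example (not from the article): Docker Bench for Security set-up and
# run on Ubuntu 20.04, with daemon settings and audit rules chosen for this example.
set -eu

# Assumption: where the benchmark repository is cloned to.
BENCH_DIR="${BENCH_DIR:-${HOME:-/tmp}/docker-bench-security}"

# Daemon settings this example writes to /etc/docker/daemon.json. Each is
# something the benchmark checks for; they are this example's choice, not the
# article's file contents.
#   icc=false             no traffic between containers on the default bridge
#                         unless they share a user-defined network
#   userland-proxy=false  published ports are handled by iptables, not a proxy process
#   no-new-privileges     container processes cannot gain privileges via setuid/setgid
#   live-restore          containers keep running while dockerd restarts
daemon_json() {
  cat <<'EOF'
{
  "icc": false,
  "userland-proxy": false,
  "no-new-privileges": true,
  "live-restore": true,
  "log-level": "info"
}
EOF
}

# auditd watch rules for the Docker binaries and configuration the benchmark
# expects to be audited; the key "docker" makes them easy to find in auditctl -l.
audit_rules() {
  cat <<'EOF'
-w /usr/bin/dockerd -k docker
-w /usr/bin/containerd -k docker
-w /usr/bin/runc -k docker
-w /var/lib/docker -k docker
-w /etc/docker -k docker
-w /etc/docker/daemon.json -k docker
-w /etc/default/docker -k docker
-w /lib/systemd/system/docker.service -k docker
-w /lib/systemd/system/docker.socket -k docker
EOF
}

# Number of result lines of one kind (WARN, PASS, INFO, NOTE) in benchmark output on stdin.
count_results() {
  grep -c "^\[$1\]" || true     # grep -c exits 1 when the count is 0; keep going
}

# Check IDs flagged WARN, one per line, from benchmark output on stdin.
warn_ids() {
  sed -n 's/^\[WARN\] \([0-9][0-9.]*\) .*/\1/p'
}

# Constructed sample of benchmark output, used to exercise the two parsers above.
sample_output() {
  cat <<'EOF'
[INFO] 1 - Host Configuration
[WARN] 1.1.1 - Ensure a separate partition for containers has been created (Automated)
[PASS] 1.1.2 - Ensure only trusted users are allowed to control Docker daemon (Automated)
[WARN] 1.1.3 - Ensure auditing is configured for the Docker daemon (Automated)
[INFO] 2 - Docker daemon configuration
[PASS] 2.1 - Run the Docker daemon as a non-root user, if possible (Manual)
[NOTE] 2.8 - Enable user namespace support (Automated)
EOF
}

apply() {
  sudo apt-get install -y git auditd
  [ -d "$BENCH_DIR" ] || git clone https://github.com/docker/docker-bench-security.git "$BENCH_DIR"

  # Never clobber an existing daemon.json: merge the settings by hand instead.
  if [ -e /etc/docker/daemon.json ]; then
    echo "/etc/docker/daemon.json already exists; merge the settings into it manually" >&2
    exit 1
  fi
  daemon_json | python3 -m json.tool >/dev/null     # bad JSON would stop dockerd from starting
  daemon_json | sudo tee /etc/docker/daemon.json >/dev/null

  # augenrules compiles /etc/audit/rules.d/*.rules into /etc/audit/audit.rules
  # at service start, so a separate file in rules.d is the durable place.
  audit_rules | sudo tee /etc/audit/rules.d/docker.rules >/dev/null
  sudo service auditd restart     # 'service' also works where systemctl refuses to stop auditd
  sudo auditctl -l | grep -q -- '-k docker'

  # Restarting dockerd stops running containers unless live-restore was already on.
  sudo systemctl restart docker
  sudo docker info --format 'live-restore={{.LiveRestoreEnabled}}'

  cd "$BENCH_DIR"
  sudo sh docker-bench-security.sh -l "$PWD/bench.log"
  echo "WARN count: $(count_results WARN < bench.log)"
  warn_ids < bench.log
}

# Only touch the host when explicitly asked; without the flag the script
# just defines the functions above.
if [ "${1:-}" = "--apply" ]; then
  apply
fi
```

The pre-check on daemon.json and the JSON validation are there because both failure modes are silent until the daemon refuses to start; the auditctl grep after the restart confirms the rules actually loaded rather than trusting the service restart alone.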
And that's all there is to using Docker Bench for Security to audit your host and containers.