hardening-docker-containers-for-production


DevOps & Infrastructure 12,642 stars 1468 forks Updated today Apache-2.0


Skill Content

# Hardening Docker Containers for Production

## Overview

Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v1.8.0 to minimize attack surface, prevent privilege escalation, and enforce least-privilege principles across Docker daemon, images, containers, and runtime configurations.

## When to Use

- When deploying or configuring production Docker containers that need hardening in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation

## Prerequisites

- Docker Engine 24.0+ installed
- Docker Compose v2
- Linux host with kernel 5.10+
- Root or sudo access on Docker host
- docker-bench-security tool
- Hadolint for Dockerfile linting
- Dockle for image linting

## Core Concepts

### CIS Docker Benchmark Sections

1. **Host Configuration** - Audit Docker daemon files, restrict access to /var/run/docker.sock
2. **Docker Daemon Configuration** - Enable TLS, restrict inter-container communication, configure logging
3. **Docker Daemon Configuration Files** - Set ownership and permissions on daemon.json
4. **Container Images and Build File** - Use trusted base images, scan for vulnerabilities, multi-stage builds
5. **Container Runtime** - Drop capabilities, read-only rootfs, restrict syscalls
6. **Docker Security Operations** - Monitor,...
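As an added example (not code from the skill repository above), the following linter checks parsed docker-compose service definitions against the section 5 runtime controls just listed: capabilities dropped, read-only rootfs, no privilege escalation, no docker.sock or host-path exposure, seccomp/AppArmor left enabled. The compose input is constructed for the example and the finding texts are descriptive labels, not CIS control numbers.

```python
# Added example (not from the mukul975 skill repo): lint parsed docker-compose
# services against the CIS section 5 runtime controls listed above. Input is
# constructed; finding text is descriptive, not CIS control numbers.
from typing import Any, Dict, List
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/", "/etc", "/proc", "/sys")
RISKY_CAPS = ("ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE")

def host_path(volume: Any) -> str:
    """Host side of a compose volume, short ("src:dst") or long (dict) syntax."""
    return str(volume.get("source", "")) if isinstance(volume, dict) else str(volume).split(":")[0]

def lint_service(name: str, svc: Dict[str, Any]) -> List[str]:
    """One finding per weak runtime setting; an empty list means the service passes."""
    f: List[str] = []
    if svc.get("privileged"):
        f.append(f"{name}: privileged mode disables all isolation")
    if "ALL" not in [c.upper() for c in svc.get("cap_drop", [])]:
        f.append(f"{name}: cap_drop should be [ALL], with cap_add only for what is needed")
    f += [f"{name}: cap_add {c} is high risk" for c in svc.get("cap_add", []) if c.upper() in RISKY_CAPS]
    if not svc.get("read_only"):
        f.append(f"{name}: rootfs is writable; set read_only and use tmpfs for scratch paths")
    opts = [str(o) for o in svc.get("security_opt", [])]
    if "no-new-privileges:true" not in opts:
        f.append(f"{name}: add security_opt no-new-privileges:true to block setuid escalation")
    if any(o.replace(":", "=") in ("seccomp=unconfined", "apparmor=unconfined") for o in opts):
        f.append(f"{name}: seccomp or AppArmor explicitly disabled")
    if not svc.get("pids_limit"):
        f.append(f"{name}: no pids_limit; a fork bomb can exhaust host PIDs")
    if svc.get("network_mode") == "host":
        f.append(f"{name}: host networking removes network namespace isolation")
    f += [f"{name}: sensitive host path {host_path(v)} mounted" for v in svc.get("volumes", [])
          if host_path(v) in SENSITIVE_HOST_PATHS]
    if str(svc.get("user", "")).split(":")[0] in ("", "0", "root"):
        f.append(f"{name}: runs as root; set user to an unprivileged UID:GID")
    return f

def lint_compose(compose: Dict[str, Any]) -> Dict[str, List[str]]:
    return {n: lint_service(n, s) for n, s in compose.get("services", {}).items()}

SAMPLE_COMPOSE = {"services": {  # constructed: one weak service, one hardened service
    "legacy": {"image": "legacy-app:latest", "privileged": True, "network_mode": "host",
               "volumes": ["/var/run/docker.sock:/var/run/docker.sock"]},
    "api": {"image": "registry.example/api:1.4.2", "user": "10001:10001", "read_only": True,
            "cap_drop": ["ALL"], "cap_add": ["NET_BIND_SERVICE"], "pids_limit": 200,
            "security_opt": ["no-new-privileges:true"], "tmpfs": ["/tmp"]}}}

if __name__ == "__main__":
    for service, found in lint_compose(SAMPLE_COMPOSE).items():
        print(service, "OK" if not found else "\n  " + "\n  ".join(found))
```

The hardened `api` service produces no findings; `legacy` yields eight, matching the docker.sock, privileged-mode and root-user items that docker-bench-security also flags.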

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0
