hardening-docker-daemon-configuration

Featured

Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless mode, and CIS benchmark controls.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Hardening Docker Daemon Configuration ## Overview The Docker daemon (`dockerd`) runs with root privileges and controls all container operations. Hardening its configuration through `/etc/docker/daemon.json`, TLS certificates, user namespace remapping, and network restrictions is essential to prevent privilege escalation, lateral movement, and container breakout attacks. ## When to Use - When deploying or configuring hardening docker daemon configuration capabilities in your environment - When establishing security controls aligned to compliance requirements - When building or improving security architecture for this domain - When conducting security assessments that require this implementation ## Prerequisites - Docker Engine 24.0+ installed - Root or sudo access to the Docker host - OpenSSL for TLS certificate generation - Understanding of Linux namespaces and cgroups ## Core Hardened daemon.json ```json { "icc": false, "userns-remap": "default", "no-new-privileges": true, "log-driver": "json-file", "log-opts": { "max-size": "10m", "max-file": "5" }, "storage-driver": "overlay2", "live-restore": true, "userland-proxy": false, "default-ulimits": { "nofile": { "Name": "nofile", "Hard": 65536, "Soft": 32768 }, "nproc": { "Name": "nproc", "Hard": 4096, "Soft": 2048 } }, "seccomp-profile": "/etc/docker/seccomp/default.json", "default-address-pools": [ { "base": "172.17.0.0/1...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Featured

hardening-docker-containers-for-production

Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v1.8.0 to minimize attack surface, prevent privilege escalation, and enforce leas

12,642 Updated today
mukul975
AI & Automation Featured

performing-container-image-hardening

This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing multi-stage builds, configuring non-root users, and applying CIS Docker Benchmark recommendations to produce secure production-ready images.

12,642 Updated today
mukul975
AI & Automation Solid

container-hardening

Harden container images and Kubernetes workload security contexts — distroless, multi-stage, minimal attack surface.

14 Updated 3 days ago
sawrus
DevOps & Infrastructure Listed

container-hardening

Docker and OCI image hardening — base-image selection, USER/caps/read-only FS discipline, distroless migration, build-time scanning with trivy/grype, image signing via sigstore, and runtime guardrails (seccomp, AppArmor).

4 Updated 1 weeks ago
roodlicht
DevOps & Infrastructure Listed

security-hardening

Reduces attack surface across OS, container, cloud, network, and database layers using CIS Benchmarks and zero-trust principles. Use when hardening production infrastructure, meeting compliance requirements, or implementing defense-in-depth security.

368 Updated 5 months ago
ancoleman