add numeration

Maciej Lebiest 2024-11-09 15:10:24 +01:00
parent fe2aa34977
commit ed5b319a16


@ -1,25 +1,25 @@
# Securing Linux Containers # Securing Linux Containers
## Table of contents # 1. Table of contents
<!--toc:start--> <!--toc:start-->
- [Securing Linux Containers](#securing-linux-containers) - [Securing Linux Containers](#securing-linux-containers)
- [Table of contents](#table-of-contents) - [1. Table of contents](#1-table-of-contents)
- [Introduction](#introduction) - [2. Introduction](#2-introduction)
- [Secrets](#secrets) - [3. Secrets](#3-secrets)
- [Alternatives](#alternatives) - [3.1 Alternatives](#31-alternatives)
- [Files](#files) - [3.1.1 Files](#311-files)
- [Users and groups](#users-and-groups) - [4. Users and groups](#4-users-and-groups)
- [Filesystem](#filesystem) - [5. Filesystem](#5-filesystem)
- [Resources limits](#resources-limits) - [6. Resources limits](#6-resources-limits)
- [Network](#network) - [7. Network](#7-network)
- [Images](#images) - [8. Images](#8-images)
- [Building](#building) - [8.1 Building](#81-building)
- [Scanning](#scanning) - [8.2 Scanning](#82-scanning)
- [Selinux](#selinux) - [9. Selinux](#9-selinux)
<!--toc:end--> <!--toc:end-->
## Introduction # 2. Introduction
This document is a collection of simple and very generic tips and best This document is a collection of simple and very generic tips and best
practices related to seciurity of Linux containers. Contenerization is practices related to seciurity of Linux containers. Contenerization is
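Review bot: the section headings move from `##` to `#` (`# 1. Table of contents`, `# 2. Introduction`), which puts every numbered section at the same level as the document title `# Securing Linux Containers`. Keep the title as the only level-one heading and number the existing `##` headings instead, for example `## 2. Introduction`. The numbers are also written by hand into both the headings and the anchors (`#2-introduction`, `#31-alternatives`) between the `toc:start` and `toc:end` markers, so adding a section later means renumbering every following heading and link; if the TOC is generated, regenerate it from the headings rather than editing it here.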
@ -30,7 +30,7 @@ Tips and best practices collected here should help raise awarness about
how to keep containers really secure. Contents are kept container-engine how to keep containers really secure. Contents are kept container-engine
agnostic, but examples will be based on actual implementations (Podman, k8s). agnostic, but examples will be based on actual implementations (Podman, k8s).
## Secrets # 3. Secrets
Secret is the most vulnerable data, as it usually can open access to other Secret is the most vulnerable data, as it usually can open access to other
private data. They might also allow modification of the environment, which private data. They might also allow modification of the environment, which
@ -50,9 +50,9 @@ is only an example of vulnerability which was considered to be more
dangerous for contenerized apps, because of the vulnerability dangerous for contenerized apps, because of the vulnerability
being based on gaining access to env variables. being based on gaining access to env variables.
### Alternatives ## 3.1 Alternatives
#### Files ### 3.1.1 Files
Files with secrets are common and broadly supported. With proper setup they can Files with secrets are common and broadly supported. With proper setup they can
be also very secure. be also very secure.
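Review bot: `## 3.1 Alternatives` now shows up in the numbered TOC as an entry of its own, and the title does not say what it is an alternative to; the context lines directly above it indicate the answer is env variables. Consider `## 3.1 Alternatives to environment variables`, with the anchor updated to match. The numbering style is also mixed: top-level headings carry a trailing dot (`# 3. Secrets`) while `3.1` and `3.1.1` do not, so pick one form and use it at every level.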
@ -100,18 +100,18 @@ lrwxrwxrwx. 1 root root 32 Nov 9 14:00 ..data -> ..2024_11_09_14_00_47.4065932
lrwxrwxrwx. 1 root root 18 Nov 9 14:00 secret.conf -> ..data/secret.conf lrwxrwxrwx. 1 root root 18 Nov 9 14:00 secret.conf -> ..data/secret.conf
``` ```
## Users and groups # 4. Users and groups
## Filesystem # 5. Filesystem
## Resources limits # 6. Resources limits
## Network # 7. Network
## Images # 8. Images
### Building ## 8.1 Building
### Scanning ## 8.2 Scanning
## Selinux # 9. Selinux
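Review bot: `# 6. Resources limits` and `# 9. Selinux` keep their old spelling; since these heading lines and their TOC anchors are rewritten in this commit anyway, change them to `Resource limits` and `SELinux` now so the anchors only have to change once. Sections 4 through 9 are heading-only in this hunk, so the numbers lock in an order before any content exists; worth confirming the order is final before links to `#4-users-and-groups` and the others start to appear elsewhere.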