docker-pihole-unbound
docker-bench-security
docker-pihole-unbound | docker-bench-security
---|---
77 | 13
999 | 8,904
- | 0.5%
2.9 | 5.9
16 days ago | 18 days ago
Shell | Shell
- | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-pihole-unbound
- Struggling to pull down Pi-Hole + Unbound - 1 Container project, Please help.
- pihole + unbound (DoH on 443?)
  I'm running the chriscrowe 'one container' build for pihole for ad-blocking (https://github.com/chriscrowe/docker-pihole-unbound), and unbound for private recursive DNS which is running great on my Zima board.
- Portainer : failure to get template.
  I believe my problem stems from when I tried to install the pihole-unbound container (https://github.com/chriscrowe/docker-pihole-unbound)
- Has anyone run Void on a WiiU? I'm looking for a PowerPC alternative to a Mac Mini G4.
  I've got lucky enough that I could get in Nov-19 a Raspberry Pi 4 with 4GB of RAM that I use as a NAS + Pi-Hole + Unbound + Other stuff (running Void MUSL of course) and instead of an SD I use an HDD for the OS + a 5TB HDD for the data and even fully loaded all cores it barely consumes more than 22W.
- Synology/MACVLAN/BRIDGE help
  I was only able to get pihole macvlan approach working with an ssh access + docker-compose approach. I used the crowe one-container approach. Still had to enable Open vSwitch for the network in Synology first.
- Issues with Pihole+Unbound in Docker Compose
  You can follow the doc to do those install steps within your own Dockerfile. Or you can use the commonly recommended chriscrowe image, which does what I’m describing.
- I've created a simple 2 container Pihole + Unbound Docker Setup for you to use
  When I started experimenting with this topic chriscrowe's was a baseline for stuff that I tried out, so kudos to chris!
- Foolproof instructions for Pihole/Unbound via Docker
  It seems you’re looking at a wrong file. Here is a docker file for one-container solution: https://github.com/chriscrowe/docker-pihole-unbound/blob/55c88afaf8d76958923adc38f4c12a80e1cb9084/one-container/pihole-unbound/Dockerfile
- [Pi-Hole] Pihole & Unbound Docker?
- Confused about Pi-hole / Unbound Combo - Basic Question
  2) you can use something like this maintained GitHub repo. Just decide if you want to use 1 or 2 containers and modify the ip and gateways, etc accordingly.
docker-bench-security
- Understanding Container Security
  Scanning your container images for vulnerabilities is a good approach. But this scanning is not a one-time job, it should be done regularly (weekly, monthly, etc.). You need to follow vulnerability reports and fix all of the vulnerabilities as soon as possible. I recommend some open-source tools that could be useful: Trivy, Docker-Bench, Grype.
- Security docker app
  For Docker configuration I have used this in the past (it utilizes the CIS Docker Benchmark): https://github.com/docker/docker-bench-security
- What's your favourite Docker Image, and why?
- Docker image scan against cis benchmark
  So the main tool to scan against the CIS Docker benchmark (I'm presuming that's the one you're interested in) is https://github.com/docker/docker-bench-security .
- How to enhance container security using Docker Bench

  ```
  git clone https://github.com/docker/docker-bench-security.git
  cd docker-bench-security
  sudo sh docker-bench-security.sh
  ```
- Importing certificates into containers
  When deploying images on cloud, I always run it through "docker bench security". It helps finding potential security holes in my images.
- How to Secure Your Kubernetes Clusters With Best Practices
  Use Docker Bench for Security to audit your container images
- Container security best practices: Comprehensive guide
  Other tools you can use are linux-bench, docker-bench, kube-bench, kube-hunter, kube-striker, Cloud Custodian, OVAL, and OS Query.
- hardening my container: am i doing things right?
- What do you have within your pipelines to ensure that containers deployed are secure?
  I run https://github.com/docker/docker-bench-security against my environment. I would determine what was non-applicable/not scored and then start with scored. Then I would do not scored. My team had made their own Dockerfiles when I started and just grabbed whatever image/version and getting things baselined was not fun. I had to do this for docker-compose and stay on version 2 yml as otherwise I had to go to swarm.
What are some alternatives?
docker-pi-hole - Pi-hole in a docker container
hadolint - Dockerfile linter, validate inline bash, written in Haskell
AdGuardHome - Network-wide ads & trackers blocking DNS server
kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
wirehole - WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
wireguard-install - WireGuard VPN installer for Linux servers
gosec - Go security checker
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
SonarQube - Continuous Inspection
unbound-docker - Unbound DNS Server Docker Image
tfsec - Security scanner for your Terraform code