ufw-docker-automated
for-linux
ufw-docker-automated | for-linux | |
---|---|---|
6 | 34 | |
193 | 744 | |
- | 0.0% | |
1.8 | 0.0 | |
6 months ago | over 1 year ago | |
Go | ||
Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ufw-docker-automated
-
Docker developers discuss changes in how ports are to be forwarded into containers
I know it looks daunting, but it's just putting ufw-style rules into your docker-compose files. There are other solutions like ufw docker automated , but they seem even more annoying to setup.
-
Securing a VPS running docker
Or this for a more automated one: https://github.com/shinebayar-g/ufw-docker-automated
-
Stay safe with Docker and firewall
This is nothing new and a known issue for a very long time with docker and ufw and easily sorted by using this workaround.
-
Docker overrides UFW rules
Known issue for years but this and this helps.
-
A Docker footgun led to a vandal deleting NewsBlur's MongoDB database
Luckily it was about as hardened as regular ftp can be, but I noticed the problem when my service wasn't able to log in as the (very low) connection limit was filled by someone attempting passwords.
I've been using https://github.com/shinebayar-g/ufw-docker-automated to make docker compliant with UFW, and defining firewall rules as labels for the containers.
-
Checklist for hardening a linux VPS?
I found this script, but haven't had the time to try it.
for-linux
-
Docker Private Registry using Harbor
Software Version Description Docker Engine Version 20.10.10-ce+ or higher For installation instructions, see https://docs.docker.com/engine/installation/ Docker Compose docker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin) For installation instructions, see https://docs.docker.com/compose/install/ OpenSSL Latest is preferred Used to generate certificate and keys for Harbor
-
IBM Cloud Code Engine (serverless) Application setup with a private registry — Step by Step Guide
Install the Docker CLI.
-
Serverless Horrors
Reading the GitHub issue about this is somewhat entertaining: https://github.com/docker/for-linux/issues/690
People are getting hacked a lot because of this, and docker doesn't seem to care all that much.
-
Signing container images: Comparing Sigstore, Notary, and Docker Content Trust
Docker: A tool for building, running, and managing Docker containers
-
Docker and iptable question
possibly useful: https://github.com/docker/for-linux/issues/690 (Docker bypasses ufw firewall rules)
-
What could go wrong with docker containers?
Sure - I work in an environment where I have to be on the VPN to access Snowflake. I also have to use Windows. The easiest dev environment for that is to install WSL2 and do the development in Ubuntu therein. However, the way that WSL2 manages Ubuntu is through some Windows host processes instead of the daemons that typically are used when you run Ubuntu. You can search around and find various reports about this - it manifests as "Cannot connect to the docker daemon." Here is one example from a quick search. On Windows, the way that you can easily get around that, if your org supports it, is to run Docker Desktop for Windows, which then manages that daemon process. That's all fine and good, but WSL has issues with routing traffic through VPNs for some reason. Again, here is a quick example of the type of things you'll find when you Google about this problem.
-
Network Adapter Restriction, Possible?
For a more universal configuration, setting the ip option in Docker's daemon.json file should tell Docker to only bind to that IP address. It does sound like there may be some bugs with this setting though, so your mileage may vary.
-
Still waiting for Ubuntu 22.04 LTS base image for ODROID M1
One workaround I've found is: https://github.com/docker/for-linux/issues/1437
-
MEM USAGE 0 - using sudo docker stats
Thank you. Your link is probably solution, it looks similar to the post I found before on github (and I was afraid to use it).
- Docker (on Windows) - Can no longer start a container
What are some alternatives?
ufw-docker - To fix the Docker and UFW security flaw without disabling iptables
opensnitch - OpenSnitch is a GNU/Linux application firewall
async-profiler - Sampling CPU and HEAP profiler for Java featuring AsyncGetCallTrace + perf_events [Moved to: https://github.com/async-profiler/async-profiler]
JShielder - Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
cli - Snyk CLI scans and monitors your projects for security vulnerabilities.
How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
ghost-chase-condition - Chasing a performance-eating ghost down the JVM rabbit hole
iptables-docker - A bash solution for docker and iptables conflict
beekeeper-studio - Modern and easy to use SQL client for MySQL, Postgres, SQLite, SQL Server, and more. Linux, MacOS, and Windows.
whalewall - Automate management of firewall rules for Docker containers
Netdata - The open-source observability platform everyone needs