userd
ufw-docker-automated
Our great sponsors
userd | ufw-docker-automated | |
---|---|---|
1 | 6 | |
9 | 190 | |
- | - | |
5.4 | 1.8 | |
3 months ago | 6 months ago | |
Go | Go | |
GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
userd
ufw-docker-automated
-
Docker developers discuss changes in how ports are to be forwarded into containers
I know it looks daunting, but it's just putting ufw-style rules into your docker-compose files. There are other solutions like ufw docker automated , but they seem even more annoying to setup.
-
Securing a VPS running docker
Or this for a more automated one: https://github.com/shinebayar-g/ufw-docker-automated
-
Stay safe with Docker and firewall
This is nothing new and a known issue for a very long time with docker and ufw and easily sorted by using this workaround.
-
Docker overrides UFW rules
Known issue for years but this and this helps.
-
A Docker footgun led to a vandal deleting NewsBlur's MongoDB database
Luckily it was about as hardened as regular ftp can be, but I noticed the problem when my service wasn't able to log in as the (very low) connection limit was filled by someone attempting passwords.
I've been using https://github.com/shinebayar-g/ufw-docker-automated to make docker compliant with UFW, and defining firewall rules as labels for the containers.
-
Checklist for hardening a linux VPS?
I found this script, but haven't had the time to try it.
What are some alternatives?
GOdin - GOdin is an open source monitoring server and agent for linux systems. Its main feature is currently monitoring the state of installed packages. It is intended to use with visualising software (ex. Grafana).
ufw-docker - To fix the Docker and UFW security flaw without disabling iptables
ansible-role-security - Ansible Role - Security
opensnitch - OpenSnitch is a GNU/Linux application firewall
JShielder - Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
iptables-docker - A bash solution for docker and iptables conflict
whalewall - Automate management of firewall rules for Docker containers
debian_bridge - CLI utility to run .deb packages on non-debian distros using docker
Moby - The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
pfDeploy - Deploy your pf configuration in a FreeBSD VM.