Hardening / Lockdown mode

[Dramelac]

Have a local firewall, limited capabilities, virtual env around docker on the host, non-root user inside Docker, and many more security enforcement to be able to use Exegol in sensitive contexts, limit operational security risks, etc.

[Dramelac]

Doc:
https://reynardsec.com/en/docker-platform-security-step-by-step-hardening/

[GRodolphe]

Hello, using a tool like docker bench can provide an initial overview of the "health status" of Docker images. I can scan the images and share the results if that seems relevant. I also offer to help with hardening.

[Dramelac]

Hello, using a tool like docker bench can provide an initial overview of the "health status" of Docker images. I can scan the images and share the results if that seems relevant. I also offer to help with hardening.

Hello

Not sure what kind of "best practice" this tools is looking for. Exegol-image is not a service image "as usual" so there is a lots of difference. But i can still be interesting to see.

I think the hardening part will be more container oriented, regarding config, volume, apparmor options etc..
But if we can improve image-side too it can be interesting and added to the card !

[GRodolphe]

Hello, using a tool like docker bench can provide an initial overview of the "health status" of Docker images. I can scan the images and share the results if that seems relevant. I also offer to help with hardening.

Hello

Not sure what kind of "best practice" this tools is looking for. Exegol-image is not a service image "as usual" so there is a lots of difference. But i can still be interesting to see.

I think the hardening part will be more container oriented, regarding config, volume, apparmor options etc.. But if we can improve image-side too it can be interesting and added to the card !

Oh ok I see, I will dig this subject