hardening-docker-daemon-configuration

Featured

Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless mode, and CIS benchmark controls.

AI & Automation 13,115 stars 1533 forks Updated today Apache-2.0


Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Hardening Docker Daemon Configuration

## Overview

The Docker daemon (`dockerd`) runs with root privileges and controls all container operations. Hardening its configuration through `/etc/docker/daemon.json`, TLS certificates, user namespace remapping, and network restrictions is essential to prevent privilege escalation, lateral movement, and container breakout attacks.

## When to Use

- When deploying or configuring Docker daemon hardening in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation

## Prerequisites

- Docker Engine 24.0+ installed
- Root or sudo access to the Docker host
- OpenSSL for TLS certificate generation
- Understanding of Linux namespaces and cgroups

## Core Hardened daemon.json

```json
{
  "icc": false,
  "userns-remap": "default",
  "no-new-privileges": true,
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "5"
  },
  "storage-driver": "overlay2",
  "live-restore": true,
  "userland-proxy": false,
  "default-ulimits": {
    "nofile": { "Name": "nofile", "Hard": 65536, "Soft": 32768 },
    "nproc": { "Name": "nproc", "Hard": 4096, "Soft": 2048 }
  },
  "seccomp-profile": "/etc/docker/seccomp/default.json",
  "default-address-pools": [
    { "base": "172.17.0.0/1...
```
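As an added example (not code from the skill or the mukul975 repository), the following Python script audits a `daemon.json` against the controls that the hardened configuration above sets: `icc`, `userns-remap`, `no-new-privileges`, `live-restore`, `userland-proxy`, log rotation under `log-opts`, and an explicit `seccomp-profile`. The two sample configurations it checks are constructed here for illustration; on a real host you would feed it the contents of `/etc/docker/daemon.json`.

```python
"""Audit a Docker daemon.json against the hardening controls listed above.

Added example for this page, not code from the skill or its repository.
The two sample configurations below are constructed for illustration.
"""
import json

# Expected values for the controls the hardened daemon.json above sets.
# A missing key is reported as a finding, because dockerd's built-in default
# for each of these is the weaker setting (e.g. icc defaults to true).
EXPECTED = {
    "icc": False,                 # no inter-container traffic on the default bridge
    "userns-remap": "default",    # root inside a container is unprivileged on the host
    "no-new-privileges": True,    # block setuid/setcap privilege gains in containers
    "live-restore": True,         # containers survive a daemon restart for patching
    "userland-proxy": False,      # use iptables rules instead of the docker-proxy binary
}


def audit_daemon_json(text: str) -> list[str]:
    """Return a list of findings; an empty list means every control passed."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]

    findings = []
    for key, want in EXPECTED.items():
        got = cfg.get(key)
        if got != want:
            findings.append(f"{key}: expected {json.dumps(want)}, found {json.dumps(got)}")

    # Log rotation: the json-file driver grows without bound unless max-size is set
    log_opts = cfg.get("log-opts", {})
    if cfg.get("log-driver", "json-file") == "json-file" and "max-size" not in log_opts:
        findings.append("log-opts: json-file driver without max-size (no log rotation)")

    # A custom seccomp profile must be set explicitly, as an absolute path
    seccomp = cfg.get("seccomp-profile")
    if not seccomp or not str(seccomp).startswith("/"):
        findings.append("seccomp-profile: not set to an absolute path")

    return findings


# Constructed sample: the hardened configuration from this page (abridged)
HARDENED = """{
  "icc": false,
  "userns-remap": "default",
  "no-new-privileges": true,
  "log-driver": "json-file",
  "log-opts": {"max-size": "10m", "max-file": "5"},
  "live-restore": true,
  "userland-proxy": false,
  "seccomp-profile": "/etc/docker/seccomp/default.json"
}"""

# Constructed sample: a typical untouched install with only a storage driver set
DEFAULT_INSTALL = """{"storage-driver": "overlay2"}"""


if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("default", DEFAULT_INSTALL)):
        result = audit_daemon_json(text)
        print(f"{name}: {'PASS' if not result else 'FAIL'}")
        for line in result:
            print("  -", line)
```

The hardened sample produces no findings; the default-install sample produces one finding per control, which is the state most hosts are in before `daemon.json` is touched. After editing the file, validate it the same way before restarting `dockerd`, since a syntax error in `daemon.json` stops the daemon from starting.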

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Featured

hardening-docker-containers-for-production

Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v1.8.0 to minimize attack surface, prevent privilege escalation, and enforce leas

13,115 Updated today
mukul975
AI & Automation Featured

performing-container-image-hardening

This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing multi-stage builds, configuring non-root users, and applying CIS Docker Benchmark recommendations to produce secure production-ready images.

13,115 Updated today
mukul975
AI & Automation Solid

container-hardening

Harden container images and Kubernetes workload security contexts — distroless, multi-stage, minimal attack surface.

15 Updated today
sawrus
DevOps & Infrastructure Listed

docker-security

Opt-in advanced wizard for Docker security hardening beyond v1.0.26 baseline. Adds LAN containment with DNS policy (firewall + DNS sidecar), resource bounds with kernel hygiene sysctls, and a boot-time plugin install audit log. Each toggle is opt-in with honest cost/benefit framing, applied as a docker-compose overlay (does not modify the base compose file), verified against the live container, and fully reversible. Run after /docker-setup; requires bridge networking.

59 Updated today
gtapps
DevOps & Infrastructure Listed

container-hardening

Docker and OCI image hardening — base-image selection, USER/caps/read-only FS discipline, distroless migration, build-time scanning with trivy/grype, image signing via sigstore, and runtime guardrails (seccomp, AppArmor).

4 Updated 1 week ago
roodlicht