Atlas 500 AI edge station (model 3000)
You can perform the following security hardening operations on the Atlas 500 AI edge station (model 3000) in addition to the operations described in Common Measures.
By default, the following options are configured for security hardening on the Docker daemon:
- --icc=false: Containers cannot communicate with each other.
- --live-restore: The Docker live restoration function is enabled.
- --userland-proxy=false: The userland proxy is disabled.
- --default-ulimit nofile=64:64: The maximum number of file handles of a single process is 64.
- --default-ulimit nproc=512:512: The maximum number of processes that a single UID can fork is 512.
- --config-file="": The Docker configuration file is not used.
- --log-driver=json-file: The json-file driver is used to record logs.
- --log-opt max-size=2m: The maximum size of a log before rolling is 2 MB.
- --log-opt max-file=2: The maximum number of log files that can exist is 2.
You can modify the preceding configurations in the /etc/sysconfig/docker file based on service requirements.
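To confirm that an edit to /etc/sysconfig/docker has not dropped or weakened any of the default options listed above, the following script checks an options file for each of them. It is an added example, not part of the original document or of the product's tooling; the function name audit_docker_opts and the OPTIONS='...' layout of the sample file are assumptions.

```shell
#!/bin/sh
# Added example: report which of the default hardening options listed above
# are no longer active in a Docker options file.

# One option per line, exactly as listed on this page.
EXPECTED_OPTS='--icc=false
--live-restore
--userland-proxy=false
--default-ulimit nofile=64:64
--default-ulimit nproc=512:512
--config-file=""
--log-driver=json-file
--log-opt max-size=2m
--log-opt max-file=2'

# Prints each missing or altered option; returns 0 if all are present,
# 1 if any is missing, 2 if the file cannot be read.
audit_docker_opts() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Ignore comment lines, join continuation lines, collapse whitespace.
    active=$(grep -v '^[[:space:]]*#' "$file" | tr '\\\n\t' '   ' | tr -s ' ')
    missing=0
    old_ifs=$IFS
    IFS='
'
    for opt in $EXPECTED_OPTS; do
        # The option must end at a space or closing quote, so that
        # "--live-restore=false" or "max-file=20" does not pass.
        case "$active " in
            *"$opt "* | *"$opt'"* | *"$opt\""*) ;;
            *) echo "$opt"; missing=1 ;;
        esac
    done
    IFS=$old_ifs
    return $missing
}

# Constructed sample (the OPTIONS='...' layout is an assumption): --icc was
# flipped to true and the userland proxy option was commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# OPTIONS='--userland-proxy=false'
OPTIONS='--icc=true --live-restore --default-ulimit nofile=64:64 \
  --default-ulimit nproc=512:512 --config-file="" --log-driver=json-file \
  --log-opt max-size=2m --log-opt max-file=2'
EOF
audit_docker_opts "$sample" || echo "hardening options missing in $sample"
rm -f "$sample"
```

On the device, run audit_docker_opts /etc/sysconfig/docker after each change and review every option it prints against the service requirement that justified the change.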