Host Security Hardening
- Create an independent partition for containers. The default Docker data directory is /var/lib/docker. You are advised to place it on a separate disk partition so that the disk space consumed by containers cannot exhaust the space used by other applications on the host.
- Harden the Docker host. You are advised to apply security hardening to the host on which the Docker daemon runs and to scan it for vulnerabilities periodically.
- Use the latest Docker version. You are advised to update Docker promptly so that known vulnerabilities in the Docker software are not left exposed.
- Allow only trusted users to join the docker user group. The docker group carries high privileges: its members can obtain all the privileges of the root user on the host, which is risky. You are advised to add only the users who actually need it.
- Enable auditing for the Docker daemon and its key files. Audit records help trace the root cause of an attack event. Auditing affects system performance once enabled, so decide whether to enable it based on service requirements.
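The following POSIX shell helpers are an added example, not part of the original page or any vendor tooling. They implement three of the checks above as functions that take their input as text, so they can be run against live output (`/proc/mounts`, `getent group docker`) or against captured copies during a review; the list of audited paths is an assumption drawn from common Docker hardening guides and should be adjusted to the host's actual install paths.

```shell
#!/bin/sh
# Added example: helpers for the Docker host hardening items above.

# Files and directories the Docker daemon depends on (assumed paths; adjust
# to what `command -v dockerd` and `systemctl cat docker` report on the host).
DOCKER_AUDIT_PATHS="/usr/bin/dockerd /usr/bin/containerd /var/lib/docker \
/etc/docker /etc/docker/daemon.json /etc/default/docker \
/usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker.socket \
/run/containerd"

# Emit one auditd watch rule per path, tagged with key "docker" so the
# events can be pulled out later with `ausearch -k docker`.
# Usage: docker_audit_rules > /etc/audit/rules.d/docker.rules && augenrules --load
docker_audit_rules() {
  for p in $DOCKER_AUDIT_PATHS; do
    printf '%s %s -k docker\n' '-w' "$p"
  done
}

# $1: the "docker:x:GID:user1,user2" line from `getent group docker`
# $2: space-separated list of users allowed to be in the group
# Prints every member not on the allow list; returns 1 if any were found.
docker_group_extra_members() {
  members=$(printf '%s' "$1" | cut -d: -f4 | tr ',' ' ')
  rc=0
  for m in $members; do
    case " $2 " in
      *" $m "*) ;;                 # allowed member, nothing to report
      *) echo "$m"; rc=1 ;;        # unexpected member: flag it
    esac
  done
  return $rc
}

# $1: contents of /proc/mounts. Returns 0 only if /var/lib/docker is mounted
# as its own filesystem (second field of a mount entry), 1 otherwise.
docker_dir_is_separate_mount() {
  printf '%s\n' "$1" | awk '$2 == "/var/lib/docker" { found = 1 } END { exit !found }'
}
```

Run against a live host with `docker_group_extra_members "$(getent group docker)" "alice"` and `docker_dir_is_separate_mount "$(cat /proc/mounts)"`.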