七十三、容器安全-Docker运行环境检查

下载示例代码

• 示例代码下载(flask + redis healthcheck) 本节源码

解压后创建.evn文件

[vagrant@swarm-manager ~]$ sudo unzip compose-healthcheck-redis.zip
Archive:  compose-healthcheck-redis.zip
   creating: compose-healthcheck-redis/
  inflating: compose-healthcheck-redis/.dockerignore
 extracting: compose-healthcheck-redis/.env
 extracting: compose-healthcheck-redis/.gitignore
  inflating: compose-healthcheck-redis/docker-compose.yml
   creating: compose-healthcheck-redis/flask/
  inflating: compose-healthcheck-redis/flask/app.py
  inflating: compose-healthcheck-redis/flask/Dockerfile
   creating: compose-healthcheck-redis/nginx/
  inflating: compose-healthcheck-redis/nginx/nginx.conf
  inflating: compose-healthcheck-redis/README.md
[vagrant@swarm-manager compose-healthcheck-redis]$ more .env
REDIS_PASSWORD=ABC123

构建镜像并启动

docker-compose pull
docker-compose up -d

Docker 配置扫描

• Docker Bench for Security
  https://github.com/docker/docker-bench-security
  将安全软件clone到服务器然后运行sudo ./docker-bench-security.sh即可扫描docker环境