DevOps and Containers Security, ebook

211 pages
English
Ebooks
2020


Secure your applications and development environments with Docker and Kubernetes

Key Features
- Introducing container platforms (Docker, Kubernetes, Swarm, OpenShift)
- Discover how to manage high availability with Docker Swarm and Kubernetes
- Learn how Docker can manage the security of images and containers
- Discover how Docker can be integrated into application development workflows
- Discover vulnerabilities in Docker containers and images, with practical examples to secure your container-based applications
- Discover tools for monitoring and administering Docker and Kubernetes applications

Description
Through this book, we will introduce the DevOps tools ecosystem and the main container orchestration tools through an introduction to platforms such as Kubernetes, Docker Swarm, and OpenShift. Among other topics, we will address good practices when constructing Docker images as well as the security best practices to be applied at the level of the host on which those containers are executed, from Docker's own daemon to the rest of the components that make up its technological stack. We will review topics such as static analysis of vulnerabilities in Docker images, the signing of images with Docker Content Trust, and their subsequent publication in a Docker Registry.
Also, we will review the security state of Kubernetes. In the last section, we will review open source container management and administration tools for IT organizations that need to manage and monitor container-based applications, covering topics such as monitoring, administration, and networking in Docker.

What will you learn
- Learn fundamental DevOps skills and tools, starting with the basic components and concepts of Docker.
- Learn about Docker as a platform for the deployment of containers and Docker images, taking into account the security of applications.
- Learn about tools that allow us to audit the security of the machine where we execute Docker images, finding out how to secure your Docker host.
- Learn how to secure your Docker environment and discover vulnerabilities and threats in Docker images.
- Learn about creating and deploying containers in a secure way with Docker and Kubernetes.
- Learn about monitoring and administration in Docker with tools such as cadvisor, sysdig, portainer, and Rancher.

Who this book is for
This book covers different techniques to help developers improve their DevOps and container security skills, and can be useful for people who are involved in software development and want to learn how Docker works from a security point of view. It is recommended that readers have knowledge of UNIX commands and are comfortable working in a command-line terminal.

Table of Contents
1. Getting started with DevOps
2. Container platforms
3. Managing Containers and Docker images
4. Getting started with Docker security
5. Docker host security
6. Docker images security
7. Auditing and analyzing vulnerabilities in Docker containers
8. Kubernetes security
9. Docker container networking
10. Docker container monitoring
11. Docker container administration

About the Author
Jose Manuel Ortega is a software engineer and security researcher with a special focus on new technologies, open source, security and testing.
In recent years, he has been interested in security development, especially with Python, and in security best practices with Docker and Kubernetes. Conferences and talks related to Python, security and Docker are available on his personal website http://jmortega.github.io.
Blog: http://jmortega.github.io/
LinkedIn: https://www.linkedin.com/in/jmortega1/
Publication date: 23 March 2020
Number of reads: 9
EAN13: 9789389423549
Language: English
File size: 1 MB

DevOps and Containers Security

Security and Monitoring in Docker Containers

by
Jose Manuel Ortega Candel
FIRST EDITION 2020
Copyright © BPB Publications, India
ISBN: 978-93-89423-532
All Rights Reserved. No part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception of the program listings, which may be entered, stored and executed in a computer system but cannot be reproduced by means of publication.
LIMITS OF LIABILITY AND DISCLAIMER OF WARRANTY
The information contained in this book is true and correct to the best of the author's and publisher's knowledge. The author has made every effort to ensure the accuracy of this publication, but cannot be held responsible for any loss or damage arising from any information in this book.
All trademarks referred to in the book are acknowledged as properties of their respective owners.
Distributors:
BPB PUBLICATIONS
20, Ansari Road, Darya Ganj
New Delhi-110002
Ph: 23254990/23254991
MICRO MEDIA
Shop No. 5, Mahendra Chambers,
150 DN Rd. Next to Capital Cinema,
V.T. (C.S.T.) Station, MUMBAI-400 001
Ph: 22078296/22078297
DECCAN AGENCIES
4-3-329, Bank Street,
Hyderabad-500195
Ph: 24756967/24756400
BPB BOOK CENTRE
376 Old Lajpat Rai Market,
Delhi-110006
Ph: 23861747
Published by Manish Jain for BPB Publications, 20 Ansari Road, Darya Ganj, New Delhi-110002 and Printed by him at Repro India Ltd, Mumbai
Dedicated to
My Parents and Brothers
About the Author
Jose Manuel Ortega has been working as a software engineer and security researcher with a special focus on new technologies, open source, security, and testing. His career target has been to specialize in Python and DevOps security projects with Docker. Currently, he is working as a security test engineer, and his functions in the project are the analysis and testing of application security in both web and mobile environments.
He has collaborated with universities and with the official college of computer engineers, presenting articles and holding conferences. He has also been a speaker at various national and international conferences, is very enthusiastic about learning new technologies, and loves to share his knowledge with the community.
Conferences and talks related to Python, security, and Docker are available on his personal websites http://jmortega.github.io and https://jmortegac.wixsite.com/conferences/conferences.
About the Reviewers
Mitesh is a DevOps Evangelist. He is in love with the DevOps culture and concept. Continuous improvement is his motto in life with existing imperfection. He has recently authored a book named Agile, DevOps and Cloud Computing with Microsoft Azure ( https://www.amazon.com/Agile-DevOps-Computing-Microsoft-Hands/dp/9388511905 ).
Ajay Bhaskar is a DevOps enthusiast and eager to learn new technologies related to automating application life cycle management. He loves to explore Docker. He has published an article Configuring Jenkins on Docker.
Acknowledgement
First and foremost, I would like to thank everyone at BPB Publications for giving me this opportunity to publish my book.
I would like to thank my teachers at the University for inspiring me to continuously learn in a world that is becoming increasingly complex.
Lastly, I would like to thank the reviewers and publishers for carrying out this project successfully.
—Jose Manuel Ortega Candel
Preface
In the last few years, knowledge of DevOps tools in IT companies has increased due to the growth of container-based technologies such as Docker and Kubernetes. Docker is an open source containerization tool that makes it easier to streamline product delivery, and Kubernetes is a portable and extensible open source platform for managing workloads and services. The primary goal in the development of this book is to create a mix of theory and practice that emphasizes the core concepts of DevOps, Docker containers, and Kubernetes clustering from a security, monitoring and administration perspective. This book is helpful for learning the basic and advanced concepts of Docker containers from a security point of view. It is divided into 11 chapters and provides a detailed description of the core concepts of DevOps tools and Docker containers.
Chapter 1 introduces DevOps methodologies and tools as a new movement that tries to improve the agility in the provision of services.
Chapter 2 introduces the main container platforms, such as Docker Swarm, Kubernetes, and OpenShift, that provide common tooling for both development and operations teams.
Chapter 3 discusses how Docker manages images and containers, the main commands used for generating our images, and how we can reduce the attack surface by minimizing the size of Docker images.
Chapter 4 covers topics such as security best practices and other aspects like Docker capabilities, which containers leverage in order to provide more features such as the privileged container.
Chapter 5 covers topics such as AppArmor and seccomp profiles that provide kernel-enhancement features in order to limit system calls. Also, we will review tools such as Docker Bench Security and Lynis that follow security best practices in the Docker environment.
Chapter 6 covers open source tools such as Clair with the quay.io repository and Anchore for discovering vulnerabilities in Docker images.
Chapter 7 discusses topics such as Docker container threats and system attacks that can impact Docker applications, like exploits that could target running containers. Also, we will review specific CVEs in Docker images and how we can get details about a specific vulnerability with the Vulners API.
Chapter 8 introduces the Kubernetes Bench for Security project, an application that checks whether Kubernetes is deployed securely by executing the controls documented in the CIS Kubernetes Benchmark guide.
Chapter 9 introduces the essential components of Docker networking, including how we can communicate and link Docker containers. Also, we will review other concepts like port mapping that Docker uses for exposing the TCP ports that provide services from the container to the host.
Chapter 10 talks about some of the open source tools available for Docker container monitoring, such as cadvisor, dive, and sysdig falco.
Chapter 11 introduces some of the open source tools available for Docker container administration such as rancher and portainer.io.
Errata
We take immense pride in our work at BPB Publications and follow best practices to ensure the accuracy of our content and to provide an engaging reading experience to our subscribers. Our readers are our mirrors, and we use their input to reflect on and correct any human errors that occurred during the publishing process. To help us maintain quality and reach any readers who might be having difficulties due to unforeseen errors, please write to us at:
errata@bpbonline.com
Your support, suggestions and feedback are highly appreciated by the BPB Publications' Family.
Table of Contents
1. Getting Started with DevOps
Structure
Objectives
What is DevOps?
DevOps methodologies
Management and planning
Development and building code
Continuous integration and testing
Automated deployment
Operations, ensuring the proper functioning in the production environment
Monitoring
Continuous Integration and Continuous Delivery
Software Delivery Pipeline
DevOps tools
DevOps and security
An introduction to DevSecOps
Conclusion
2. Container Platforms
Structure
Objectives
Docker containers
What is Docker?
Docker new features for container management
Docker architecture
Docker engine
Docker registry
Docker client
Testing Docker in the cloud
Container orchestration
Docker compose
Kubernetes
Kubernetes installation & key terms
Kubernetes cloud solutions
Docker swarm
Swarm in practice
OpenShift container platform
OpenShift as Platform as a Service
DevOps with OpenShift
OpenShift core items
Learning scenarios
Conclusion
3. Managing Containers and Docker Images
Structure
Objectives
Managing Docker images
Introducing Docker images
Docker layers
Image tags
Design considerations for Docker images
Dockerfile commands
What is a Dockerfile?
Building images from Dockerfile
Best practices writing Dockerfiles
Managing Docker containers
Search and execute a Docker image
Executing a container in background mode
Inspecting Docker containers
Optimizing Docker images
Docker’s cache
Docker build optimization
Building an application with Node.js
Reducing image size with multistage
Reducing image size with alpine Linux
Distroless images
Conclusion
4. Getting Started with Docker Security
Structure
Objectives
Docker security principles
Docker daemon attack surface
Security best practices
Execution with a non-root user
Start containers in read-only mode
Disable setuid and setgid permissions
Verifying images with content trust
Resource limitation
Docker capabilities
Listing all capabilities
Add and drop capabilities
Disabling ping in a container
Adding capability for managing network
Execution of privileged containers
Docker content trust
Signing images mechanism
Secure download in Dockerfiles
Notary as a tool for managing images
Docker registry
What is a registry?
Docker registry in Docker hub
Creating Docker local registry
Conclusion
Questions
5. Docker Host Security
Structure
Objectives
Docker daemon security
Auditing files and directories
Kernel Linux security and SELinux
Apparmor and Seccomp profiles
Installing AppArmor on Ubuntu distributions
AppArmor in practice
AppArmor Docker-default profile
Run container without AppArmor profile
Defense in-de
