nikhilnayak98/csvs
Cyber Security for Virtualisation Systems

A secure, scalable Docker runtime configuration for a CentOS container and a MariaDB container, built from Linux capabilities, SELinux and seccomp profiles. The base images were stripped down with DockerSlim and hardened to run as non-root users.

Progress 1

1. Create a separate network for the containers
2. Set IP addresses
3. Set hostnames
4. Map the IP addresses to hostnames
5. Set port mapping with the host machine
6. Set CPU cores
7. Set a memory limit
8. Set the memory swap limit
9. Limit PIDs
10. Set automatic restarts
11. Make the container filesystem read-only
12. Set writable temporary filesystems where they are required
13. Mount read-only volumes
14. Set a read/write output directory for strace output
15. Drop all capabilities and add back only the required ones
16. Set the name of the container

Progress 2

1. Set SELinux policies
2. Set a seccomp profile

Progress 3

1. Strip the images to their bare minimum size
2. Add privilege escalation protection
3. No root inside the dbserver container
4. Image stripping using DockerSlim
5. Pushed images to the registry:
   - gcr.io/u2185920/csvs2022-db_i
   - gcr.io/u2185920/csvs2022-web_i
   - gcr.io/u2185920/csvs2022-db_i:stripped
   - gcr.io/u2185920/csvs2022-web_i:stripped
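The three progress lists above map almost one-to-one onto `docker run` options. The script below is an added example, not one of the project's own scripts: it assembles the hardened run command for the stripped dbserver image (the `gcr.io/u2185920/csvs2022-db_i:stripped` tag is the one listed above). Everything else is assumed for illustration: the network name `csvs_net` and its addresses, the host directories `db-config` and `strace-out`, the tmpfs sizes, the container UID 999, the SELinux MCS categories and the seccomp denylist. By default it only prints the commands; set `DRY_RUN=0` to execute them on a Docker host.

```shell
#!/bin/sh
# Added example, not one of the project's own scripts: builds the hardened
# `docker run` for the MariaDB container from the Progress 1-3 checklist.
# Assumed (not from the README): network name and addresses, host directories,
# tmpfs sizes, container UID, SELinux categories and the seccomp denylist.
set -eu

NET=csvs_net                 # assumed container network name (step 1)
SUBNET=172.28.0.0/24         # assumed subnet for that network
DB_IP=172.28.0.10            # assumed static address of dbserver (step 2)
WEB_IP=172.28.0.20           # assumed static address of webserver (step 4)
DB_IMAGE=gcr.io/u2185920/csvs2022-db_i:stripped   # image tag from the README

# Print the docker command by default; set DRY_RUN=0 to really run it.
docker_cmd() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo docker "$@"; else docker "$@"; fi
}

# Progress 2, step 2: a seccomp profile. A custom profile REPLACES Docker's
# default profile, so a production profile should start from Docker's default
# JSON; this constructed one only shows the denylist form (EPERM for syscalls a
# database never needs). ptrace stays allowed because Progress 1 step 14
# collects strace output from the container.
write_seccomp_profile() {
  cat > "$1" <<'EOF'
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "architectures": ["SCMP_ARCH_X86_64"],
  "syscalls": [
    {
      "names": ["mount", "umount2", "keyctl", "add_key", "request_key",
                "unshare", "setns", "kexec_load", "init_module",
                "finit_module", "reboot", "swapon", "swapoff"],
      "action": "SCMP_ACT_ERRNO"
    }
  ]
}
EOF
}

# Progress 1 steps 2-16, Progress 2 (SELinux label) and Progress 3
# (no-new-privileges, non-root user) as docker run options, one per line.
hardened_run_args() {
  profile=$1
  printf '%s\n' \
    --name dbserver \
    --network "$NET" --ip "$DB_IP" \
    --hostname dbserver --add-host "webserver:$WEB_IP" \
    -p 127.0.0.1:3306:3306 \
    --cpus 1 --cpuset-cpus 0 \
    --memory 512m --memory-swap 512m \
    --pids-limit 100 \
    --restart on-failure:5 \
    --read-only \
    --tmpfs /tmp:rw,noexec,nosuid,size=64m \
    --tmpfs /run/mysqld:rw,noexec,nosuid,size=16m \
    -v "$PWD/db-config:/etc/my.cnf.d:ro,Z" \
    -v "$PWD/strace-out:/strace:rw,Z" \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    --security-opt "seccomp=$profile" \
    --security-opt label=level:s0:c100,c200 \
    --user 999:999 \
    "$DB_IMAGE"
}
# Notes on the choices above:
#  - --memory-swap equal to --memory means the container gets no swap at all.
#  - port 3306 is published on the host loopback only, not on every interface.
#  - ':Z' relabels the bind mounts so SELinux (enforcing) lets the container
#    read them; ':ro' keeps the config mount read-only (step 13).
#  - --cap-drop ALL with nothing added back: the image runs as UID 999
#    (Progress 3), and capabilities only matter for a root process. A root
#    entrypoint would add back e.g. --cap-add CHOWN, nothing more.
#  - label=level:s0:c100,c200 pins fixed MCS categories so dbserver and
#    webserver cannot share each other's files even if both run as container_t.

main() {
  profile_dir=$(mktemp -d)
  write_seccomp_profile "$profile_dir/db-seccomp.json"
  docker_cmd network create --subnet "$SUBNET" "$NET"        # step 1
  # Split the option list on newlines only, so paths with spaces survive.
  set -f; IFS='
'; set -- $(hardened_run_args "$profile_dir/db-seccomp.json"); unset IFS; set +f
  docker_cmd run -d "$@"
}

main
```

Running the script with `DRY_RUN=0` on an SELinux host also needs the `db-config` and `strace-out` directories to exist beside it; the `:Z` suffix then gives each a private MCS label, which is why the webserver container, started with different categories, cannot read the database's strace output even if the two share a volume path.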