A Study on the "1.1 - Create a Separated Partition for Containers" of C.I.S

Security

A Study on the "1.1 - Create a Separated Partition for Containers" of C.I.S

2018. 8. 15. 09:00

The reason for "Create a separate partition" is that the availability of the system is considered when capacity is high.

Therefore, Cis recommends "Create a separate partition" for availability, and considering other security issues, it is necessary to consider the access rights of the mounting location.

This is because if the user is not intended to mount a particular location, it could lead to an infringement.

Procedure for mounting is as follows.

ref : https://github.com/nearform/devops/blob/master/packer/securing-docker/scripts/volume.sh

sudo mkfs -t ext4 /dev/xvdf

sudo mkdir /mnt/data-store

sudo mount /dev/xvdf /mnt/data-store

echo "/var/lib/docker /mnt/data-store bind defaults,bind 0 0" | sudo tee -a /etc/fstab

'Security' 카테고리의 다른 글

Use the Docker Run option and Bash briefly. (0)	2018.08.17
how to see the docker image file (0)	2018.08.16
Ubuntu & Docker compose Setting Note 2 - Error handling (0)	2018.08.14
Ubuntu & Docker compose Setting Note 1 (0)	2018.08.13
Mounting files in the image with the docker host. Note (0)	2018.08.12

Security

A Study on the "1.1 - Create a Separated Partition for Containers" of C.I.S

'Security' 카테고리의 다른 글

notice

category

recent posts

recent comments

tag cloud

my link

statistics

티스토리툴바