Use the Docker Hardening Guide to configure the Cortex XSIAM settings when running Docker containers.
This guide describes the recommended engine settings for securely running Docker containers. For each engine that you want to apply Docker hardening, you need to edit the engine configuration file to include the Docker hardening parameters.
When editing the configuration file, you can limit container resources, open file descriptors, limit available CPU, etc. For example, add the following keys to the configuration file:
{"docker.run.internal.asuser": true,"limit.docker.cpu": true,"limit.docker.memory": true,"python.pass.extra.keys": "--pids-limit=256##--ulimit=nofile=1024:8192"}
Tip
We recommend reviewing the Docker Network Hardening guide, before changing any parameters in the configuration file.
To securely run Docker containers, it is recommended to use the latest Docker version.
You can Check Docker Hardening Configurations to verify that the Docker container has been hardened according to the recommended settings.
In the configuration file, you can update the following:
Action | Description |
---|---|
Fine tune settings for Docker images according to the Docker image name. | |
Protects the engine machine from a container using too many system resources. | |
We recommend limiting available memory for each container to 1 GB. | |
It is recommended to limit each container to 1 CPU. | |
It is recommend limiting each container to 256 PIDs. This value is sufficient for using threads and sub-processes, and protects against a fork bomb. | |
It is recommend using a soft/hard limit of 1024/8192 filed descriptors for each container process. |
Note
These settings can also be applied to Podman, with the exception of limiting available memory, limiting available CPU, and limiting PIDS.