DEV Community: Felicity Lois

Docker in a Nutshell: Security

Felicity Lois — Wed, 08 Oct 2025 14:51:47 +0000

When I first started using Docker, I thought isolating apps in containers automatically made them secure. Turns out… that’s like saying your house is safe because it has walls, even though the doors are wide open.

In Part 1, we explored how Docker makes building and running containers simple and efficient. But in this post, we’ll peel back the curtain and talk about what can go wrong and how to secure your Docker environments like a pro.

We’ll cover:

Common Docker security risks
Best practices for securing containers and images
Real-world security mistakes
Tools for container hardening

Let’s dive in

The Docker Security Model

Before we start talking about what can go wrong, it helps to know what Docker actually secures for you.

Docker isolates processes using namespaces and control groups (cgroups).
Each container runs as if it’s its own system, but in reality, they all share the same kernel.

That’s both the magic and the risk.

So yes, your containers are separated, but not as much as a virtual machine would be.
If one container is compromised, clever attackers can still find ways to “jump” to others if permissions and configurations aren’t tight.

Common Docker Security Risks

Here’s where things start getting interesting (and slightly terrifying).

Running Containers as Root

The #1 rookie mistake.
By default, containers often run as root. If an attacker breaks in, they’re instantly the admin inside and sometimes even outside the container.

Fix: Always specify a non-root user in your Dockerfile.
USER appuser

Unverified Images from Docker Hub

“Looks legit” ≠ “is safe.”
Anyone can publish images on Docker Hub, and malicious actors often disguise malware as popular frameworks.

Fix:

"Only use official or verified publisher images"

"Run vulnerability scans before use"

Exposed Ports and Networks

Containers love open ports. Attackers love them too.
It’s easy to expose unnecessary ports in your docker run command or Compose file.

Fix:

"Expose only what you need"

"Use firewalls or Docker’s internal network isolation"

"Avoid mapping 0.0.0.0:PORT unless required"

Secrets Baked into Images

Embedding secrets in Dockerfiles or image layers is a disaster waiting to happen.
Those credentials live forever in your image history.

Fix: Use Docker secrets or environment variables passed at runtime instead of hardcoding them.
docker secret create db_password secret.txt

How to Secure Docker Like a Security Engineer

Now let’s talk defense. Here’s how to containerize responsibly

1. Use Docker Bench for Security

Docker’s own security audit tool scans your host and container configs for known issues.

docker run -it --net host --pid host --userns host --cap-add audit_control \
-v /var/lib:/var/lib -v /var/run/docker.sock:/var/run/docker.sock \
--label docker_bench_security \
docker/docker-bench-security

2. Drop Unneeded Capabilities

Most containers don’t need full kernel privileges. Drop them!

docker run --cap-drop=ALL --security-opt no-new-privileges myapp

This prevents privilege escalation, even if the container is compromised.

3. Sign and Verify Your Images

Enable Docker Content Trust to make sure only signed, verified images are pulled or run.

export DOCKER_CONTENT_TRUST=1

4. Limit Resource Access

Set memory, CPU, and file system limits so runaway processes don’t take down your host.

docker run -m 512m --cpus="1.0" myapp

5. Use Read-Only File Systems

Make your containers immutable when possible:

docker run --read-only myapp

Real-World Example: Tesla’s Docker Disaster

In 2018, attackers infiltrated Tesla’s Kubernetes cluster by exploiting a misconfigured Docker container.They found credentials stored in plain text inside an image, escalated privileges, and used Tesla’s cloud to run crypto miners.

The lesson?

One poorly secured container can become a breach vector for your entire infrastructure.

Tools for Docker Security

Conclusion

Docker makes software delivery easy, but security? That’s still on you.

Containers are isolated, not invincible.
Think of Docker security like sunscreen: you only realize you needed it after you get burned. ☀️

Docker in a Nutshell: Containers Made Simple

Felicity Lois — Tue, 07 Oct 2025 18:59:43 +0000

Docker has become one of those technologies you can’t avoid hearing about if you work in DevOps, Cloud, or backend development. For a while, I’d see engineers casually drop the word “containerized” in conversations like it was nothing, meanwhile, I was silently Googling what that meant.

Fast forward a few months, and I’ve spent quite a bit of time working with Docker, building, testing, and deploying applications in containers. And I can confidently say: Docker isn’t just another buzzword. It’s one of the most powerful tools for modern software development.

This post will break Docker down in plain terms, what it is, why it matters, and how it actually works. Think of this as a starting point if you’ve ever wondered what all the hype is about or if you’re ready to start using it in your own projects.

We’ll cover:

What Docker really is (beyond the marketing talk)
The difference between containers and virtual machines
Core Docker concepts you should know
How Docker fits into cloud and DevOps workflows
What to learn next

What Even Is Docker?

In simple terms, Docker is a platform for building, running, and shipping applications in containers.

A container is like a lightweight, portable box that holds everything your app needs to run the code, libraries, dependencies, and system tools. You can ship this box anywhere (AWS, your laptop, a CI/CD pipeline) and it’ll behave exactly the same.

That’s the magic.

Without Docker, developers often run into the infamous “it works on my machine” problem. Docker solves that by standardizing the environment your app runs in.

Containers vs Virtual Machines

This is one of the most important things to understand early.

A virtual machine (VM) runs a full operating system, complete with its own kernel, drivers, and memory allocation. That means it’s heavy and slower to start.

A container, on the other hand, shares the host’s operating system kernel and only includes what’s necessary for the app to run. It’s much smaller, faster, and more efficient.

Here’s a visual:

VM:        OS → App + Dependencies + Guest OS
Container: OS → App + Dependencies (no extra OS)

So while VMs might take minutes to spin up, containers can start in seconds (sometimes milliseconds).

Core Concepts in Docker

Docker has a few key building blocks. Once you understand these, the whole thing starts to make sense.

1. Dockerfile

A text file that defines how your image should be built.
Think of it as a recipe; listing all the ingredients (dependencies, commands, ports, etc.).

FROM node:18
WORKDIR /app
COPY . .
RUN npm install
CMD ["npm", "start"]

2. Image

An image is a snapshot of your application environment. It’s built from the Dockerfile and used to create containers.

3. Container

A running instance of an image. It’s your app, fully isolated and ready to go.

4. Docker Hub

A public registry where images are stored and shared, kind of like GitHub but for containers.

Why Docker Matters (Especially in Cloud & DevOps)

In cloud environments, scalability and consistency are everything. Docker helps achieve both.

Here’s how:

1. Consistency: The same container runs identically across environments (dev, staging, prod).

2. Portability: Works on AWS, Azure, GCP, or your local machine.

3. Efficiency: Containers use fewer resources than VMs, so you can run more apps per host.

4. Automation: Docker integrates perfectly with CI/CD tools like GitHub Actions, Jenkins, and GitLab.

Most importantly for security engineers: containers improve isolation. If one app is compromised, it’s sandboxed, reducing blast radius. (Although Docker security deserves its own post.)

Common Docker Commands

Here are a few commands you’ll use daily:

docker build -t myapp .        # Build image
docker run -d -p 3000:3000 myapp   # Run container
docker ps                      # List running containers
docker exec -it <container> bash   # Access container shell
docker stop <container>        # Stop a container

Get comfortable with these first; they form the foundation of every workflow.

Docker Compose

If you have multiple services (say, a web app + database + cache), managing them individually is a pain.
Docker Compose solves this by letting you define and run multi-container applications.

Example:

version: '3'
services:
  app:
    build: .
    ports:
      - "3000:3000"
  db:
    image: postgres
    environment:
      POSTGRES_PASSWORD: example

One command (docker-compose up) and everything spins up together.

Docker in the Cloud

Docker fits perfectly into modern cloud workflows:

Use it to containerize apps before deploying them to services like ECS, EKS, or GKE.
Combine it with Kubernetes for orchestration and scaling.
Automate builds with Terraform and CI/CD pipelines.

If you’re a cloud engineer or security specialist, Docker is one of those skills that will constantly show up in your day-to-day work, from managing microservices to running vulnerability scans.

What to Learn Next

Once you’re comfortable building and running containers locally, here’s what to explore next:

Docker Compose (multi-container apps)
Docker Networking
Docker Security & Best Practices
Pushing and pulling images from Docker Hub or private registries
Container orchestration with Kubernetes

Conclusion

Learning Docker completely changed the way I approach development. It took away the frustration of environment setup and replaced it with portability, consistency, and speed.

If you’re a cloud, DevOps, or security engineer, Docker is no longer optional. It’s a core part of how modern infrastructure works.

And once you get comfortable with it, trust me, you’ll never want to go back to “it works on my machine” again. 😅

In the next post, we’ll dive into Docker security, how attackers exploit misconfigurations, and how to lock down your containers before they ever hit production.

10 Linux commands every Cloud Security Engineer should master

Felicity Lois — Mon, 06 Oct 2025 17:58:51 +0000

In cloud security, Linux isn’t just an operating system; it’s your first line of defense.
From investigating incidents to hardening servers, knowing your way around the command line can make the difference between a secure system and a compromised one.

Here are 10 Linux commands every Cloud Security Engineer should master and how they help keep your infrastructure safe.

1. grep — The Investigator’s Best Friend

Logs tell stories, and grep helps you find the important ones fast.

grep -r "Failed password" /var/log/auth.log

Use case: Search for failed SSH login attempts or suspicious activity.
Pro tip: Combine with tail -f to monitor logs in real time during an investigation.

2. awk — Analyze Logs Like a Security Analyst

awk lets you extract and analyze fields from large log files or command outputs.

awk '{print $1, $3}' /var/log/auth.log | sort | uniq -c | sort -nr

Use case: Identify IPs with repeated failed login attempts.
Pro tip: Use awk in shell scripts to automate threat-hunting reports.

3. sed — Edit Sensitive Files Safely

Need to remove exposed credentials or misconfigurations quickly? sed lets you fix them fast without opening editors.

sed -i 's/password=.*/password=********/' config.env

Use case: Mask secrets or sanitize configuration files.
Pro tip: Always back up files before running sed -i in production.

4. ss (or netstat) — Spot Suspicious Connections

Network visibility is critical in cloud security.
With ss, you can see all active connections and listening ports.

ss -tuln

5. top / htop — Catch Resource Hijacking

When attackers gain access, they often use your compute resources (for cryptomining, for instance).

Use case: Identify CPU- or memory-hogging processes.
Pro tip: Press F5 in htop to view process trees and trace suspicious sub-processes.

6. df -h & du -sh — Monitor Storage for Clues

Sudden disk usage spikes can indicate data exfiltration or log flooding attacks.

df -h     # Check overall disk usage
du -sh *  # Identify large directories

Use case: Spot unexpected data growth in /tmp or /var/log.
Pro tip: Automate alerts when disk usage crosses a safe threshold.

7. ps aux | grep — Hunt for Malicious Processes

Attackers often disguise malicious binaries under legitimate names.
This command helps you detect them.

ps aux | grep python

Use case: Look for suspicious scripts running under service accounts.
Pro tip: Combine with ls -l /proc//exe to inspect the actual binary.

8. chmod & chown — Enforce Access Control

Weak file permissions are an open invitation for privilege escalation.

chmod 600 /etc/ssh/ssh_host_rsa_key
chown root:root /etc/ssh/ssh_host_rsa_key

Use case: Lock down SSH keys, config files, and credentials.
Pro tip: Regularly audit permissions in /etc/, /var/log/, and app directories.

9. tar & gzip — Secure Backups and Forensics

When performing incident response, you’ll often need to compress and transfer data securely.

tar -czvf logs_backup.tar.gz /var/log/

Use case: Create backups of logs or configurations for analysis.
Pro tip: Use encryption (gpg or openssl) for sensitive archives.

10. systemctl — Manage Services Securely

Attackers frequently target running services.
With systemctl, you can control, inspect, and harden service configurations.

systemctl status ssh
systemctl disable ftp

Use case: Check service status, disable unused ones, or restart after patching.
Pro tip: Use systemctl list-unit-files | grep enabled to find all active services.

Mastering Linux commands isn’t just about productivity; it’s about visibility, control, and defense.
As a Cloud Security Engineer, every keystroke on Linux can reveal vulnerabilities, secure systems, or stop an active threat.

The more fluent you become with Linux, the faster you can detect, respond, and prevent cloud security incidents.