ClawHub
Docker Hardening
by @krishnakumarmahadevan-cmd
Professional Docker security configuration generator aligned with CIS Benchmark v1.8.0 standards.
Examples
Example Request:
{
  "hardeningOptions": {
    "image_security": ["scan_images", "minimal_base"],
    "runtime_security": ["read_only_root", "no_privileged"],
    "network_security": ["restrict_ports", "user_namespaces"]
  },
  "sessionId": "sess_abc123def456",
  "userId": 12847,
  "timestamp": "2025-01-15T10:30:00Z"
}
Example Response:
{
  "status": "success",
  "configurationId": "config_xyz789",
  "generatedFiles": {
    "Dockerfile.hardened": "FROM alpine:3.18\nRUN addgroup -S appgroup && adduser -S appuser -G appgroup\nUSER appuser\nRUN chmod a-w /\nRUN chmod u+w /tmp /var/tmp\nENTRYPOINT [\"app\"]\n",
    "docker-compose.hardened.yml": "version: '3.8'\nservices:\n  app:\n    image: myapp:hardened\n    read_only: true\n    security_opt:\n      - no-new-privileges:true\n    cap_drop:\n      - ALL\n    cap_add:\n      - NET_BIND_SERVICE\n    networks:\n      - internal\nnetworks:\n  internal:\n    driver: bridge\n",
    "security_policy.json": "{\n \"version\": \"1.0\",\n \"benchmark\": \"CIS Docker Benchmark v1.8.0\",\n \"policies\": [\n {\"id\": \"4.1\", \"description\": \"Ensure AppArmor Profile is Enabled\", \"status\": \"applied\"},\n {\"id\": \"4.5\", \"description\": \"Ensure default ulimit is set appropriately\", \"status\": \"applied\"}\n ]\n}\n"
  },
  "appliedPolicies": [
    "4.1 - AppArmor enabled",
    "4.5 - Ulimit restrictions",
    "5.1 - Read-only root filesystem",
    "5.27 - User namespace enabled"
  ],
  "complianceScore": 94,
  "recommendations": [
    "Consider implementing runtime scanning with Falco for behavioral monitoring",
    "Enable image scanning in your container registry"
  ],
  "timestamp": "2025-01-15T10:30:15Z"
}
TERMINAL
clawhub install toolweb-docker-hardening