Distributions

Securing and Hardening a container host

D.distributions
Sayan Chowdhury
In an age where customer data is becoming a valuable new resource for companies and data breaches are increasing, safeguarding the infrastructure is becoming more and more important. We, the maintainers of Flatcar Container Linux, an operating system that strives to put security first, will present the best practices to harden and secure your container hosts, from the delivery to the different environments, to ensure reliability, security and performance.
Even the most secure Kubernetes cluster can have security issues if the underlying OS is not correctly hardened. In this talk, we will present the best practices to harden and secure your container hosts, from the delivery to the different environments, to ensure reliability, security and performance. Through a live example, we will show how Flatcar Container Linux is built around security first and applies these hardening practices. From SELinux configuration to audit logs, by way of its package management, let's see how this container-optimized OS distro can help reduce the attack surface and mitigate threats.

Additional information

Type devroom

More sessions

2/6/22
Distributions
Mathieu Othacehe
D.distributions
Like most developers, I'm, against my will, a volunteer system administrator. I take care of my personal and professional notebooks. I also maintain a powerful build server at home and a remote VPS hosting my blog. From time to time I even use a single-board computer to host some services. A few years ago, all those machines ran different, dedicated Linux distributions: Ubuntu, ArchLinux, Debian, Raspbian, making the maintenance a nightmare. That was before diving into GNU Guix. ...
2/6/22
Distributions
Mathieu Tortuyaux
D.distributions
Flatcar Container Linux is a community driven Linux OS designed to run container workloads: let's see how the community can run the tests and how the Flatcar Team schedules the test before releasing the OS.
2/6/22
Distributions
Thilo Fromm
D.distributions
Flatcar Container Linux is a fully open source, minimal-footprint, secure by default and always up-to-date Linux distribution for running containers at scale. It is shipped as an image and does not include any package management. OS binaries and libraries reside on a read-only partition. This talk will briefly introduce Flatcar’s core concepts before diving into a detailed discussion on modifying, testing, and vending your own OS images using the SDK.
2/6/22
Distributions
Alexander Sack
D.distributions
Distros have been the backbone of Linux for the past two decades, but with the advances made in cloud technology and infrastructure, they have started to become less relevant as a solution and product in itself. To be specific: Distros have been reduced from being the universal FOSS product that delivers a complete solution to the user, to a set of very nicely maintained “free beer” types of repos full of packages that make up application building blocks for custom stacks packaged with ...
2/6/22
Distributions
Amit Kucheria
D.distributions
Imagine you're an engineer at an ODM or OEM working on an IoT product for the smart home, from a simple thermostat to security alarms, from set-top boxes to internet gateways. Linux is a fairly obvious choice to build these products that have greater than 128MB of RAM and storage. On resource-constrained devices, an RTOS such as Zephyr is able to even run on devices with as little as a few hundred KB of RAM and storage. However, the kernel is a small part of the device's software ...
2/6/22
Distributions
Mustafa Gezen
D.distributions
Maintaining a Linux distribution in a consistent and secure manner is challenging. Maintaining a one-to-one clone can be even more challenging. Rocky Linux maintains a number of in-house tools to aid in this process and make it as transparent and auditable as possible.
2/6/22
Distributions
Aleksandra Fedorova
D.distributions
CentOS Stream was introduced in September 2019. In December 2020 it made news, raised a lot of questions and created long hand-wavy discussions and confusing arguments. During 2021, CentOS Stream 9 finally found its place in the RHEL 9 development process. And now, in early 2022, we can take a good look at how it actually works.