ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    HIDS for Docker Host

    IT Discussion
    wazuh docker hids intrustion dectection
    1
    1
    403
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • IRJI
      IRJ
      last edited by

      I am in the process of configuring wazuh for docker hosts. I would like to brainstorm a bit on here and figure out what may be important to monitor on these hosts vs standard VMs.

      Some of the things I have come up with so far:

      • Changes to any containers - create, start, stop, delete, etc

      • Any privilege escalation - docker containers should never be run as root. If root access is some how achieved within the container, they will have root access to the host. So any sudo or commands run as root would be REALLY bad

      • File Integrity Monitoring - Files should not change on hosts outside normal maintenance windows. Any file change on the host that isnt a log file or temp directory could be a really bad thing.

      So I am also monitoring all the same stuff I would on a normal host. I am just trying to think of any security challenges that may be unique to docker hosts.

      1 Reply Last reply Reply Quote 1
      • 1 / 1
      • First post
        Last post