×ðÁú¿­Ê±¹ÙÍøµÇ¼

dockerµÄÈÝÆ÷Ôõô´ò²¹¶¡

¸ø docker ÈÝÆ÷´ò²¹¶¡µÄ¼¸ÖÖÒªÁìÓУºÊ¹Óùٷ½¿ÍÕ»¾µÏñ¡¢½¨Éè×Ô¼ºµÄ¾µÏñ²¢ÊÖ¶¯´ò²¹¶¡¡¢Ê¹Óò¹¶¡ÖÎÀí¹¤¾ß¡£Ïêϸ°ì·¨°üÀ¨£ºÊ¶±ðÐèÒªÐÞ²¹µÄÈÝÆ÷¡¢À­È¡²¹¶¡¾µÏñ¡¢Ìæ»»ÊÜÓ°ÏìµÄÈÝÆ÷¡¢ÑéÖ¤²¹¶¡¡£

Docker ÈÝÆ÷´ò²¹¶¡

Docker ÈÝÆ÷ÊÇÒ»ÖÖÇáÁ¿¼¶µÄÐéÄ⻯ÇéÐΣ¬¿ÉÒÔ×ÊÖú¿ª·¢ÕߺÍϵͳÖÎÀíÔ±¿ìËÙ¡¢Ò»Öµذ²ÅźÍÖÎÀíÓ¦ÓóÌÐò¡£ÎªÁ˼á³ÖÈÝÆ÷µÄÇå¾²ÐÔºÍÎȹÌÐÔ£¬°´ÆÚ¸øÈÝÆ÷´ò²¹¶¡ÖÁ¹ØÖ÷Òª¡£

ÔõÑù¸ø Docker ÈÝÆ÷´ò²¹¶¡

Óм¸ÖÖÒªÁì¿ÉÒÔ¸ø Docker ÈÝÆ÷´ò²¹¶¡£º

1. ʹÓà Docker ¹Ù·½¿ÍÕ»¾µÏñ

¹Ù·½¿ÍÕ»¾µÏñÓÉ Docker ά»¤£¬²¢°´ÆÚ¸üÐÂÇå¾²²¹¶¡¡£Äú¿ÉÒÔÔÚ [Docker Hub](https://hub.docker.com) ÉÏÕÒµ½¹Ù·½¾µÏñ¡£

docker pull your-image:latest

µÇ¼ºó¸´ÖÆ

2. ½¨Éè×Ô¼ºµÄÓ³Ïñ²¢ÊÖ¶¯´ò²¹¶¡

Äú¿ÉÒÔ½¨Éè×Ô¼ºµÄ Docker ¾µÏñ£¬²¢ÔÚÆäÖаüÀ¨ÐëÒªµÄ²¹¶¡¡£Ê¹Óà RUN Ö¸ÁîÔÚ¾µÏñ¹¹½¨Àú³ÌÖÐ×°Öò¹¶¡¡£

FROM base-image
RUN apt-get update && apt-get install -y patch-package

µÇ¼ºó¸´ÖÆ

3. ʹÓò¹¶¡ÖÎÀí¹¤¾ß

ÓÐÐí¶àµÚÈý·½¹¤¾ß¿ÉÒÔ×ÊÖúÄú×Ô¶¯ÖÎÀíÈÝÆ÷²¹¶¡¡£ÀýÈ磺

[Anchore Enterprise](https://anchore.com/products/enterprise)

[Twistlock](https://twistlock.com/)

[Aqua Security](https://www.aquasec.com/)

Ïêϸ°ì·¨

1. ʶ±ðÐèÒª²¹¶¡µÄÈÝÆ÷

ʹÓÃÒÔÏÂÏÂÁîɨÃèÈÝÆ÷ÊÇ·ñ±£´æÒÑÖªÎó²î£º

docker scan --list

µÇ¼ºó¸´ÖÆ

2. À­È¡²¹¶¡¾µÏñ

ʹÓùٷ½¿ÍÕ»»òÄú×Ô¼ºµÄ¾µÏñ£¬À­È¡°üÀ¨²¹¶¡µÄ×îоµÏñ¡£

3. Ìæ»»ÊÜÓ°ÏìµÄÈÝÆ÷

ɾ³ýÊÜÓ°ÏìµÄÈÝÆ÷²¢ÖØн¨ÉèËü£¬Ê¹ÓôøÓв¹¶¡µÄ¾µÏñ¡£

docker stop your-container
docker rm your-container
docker run -d --name your-container your-image:latest

µÇ¼ºó¸´ÖÆ

4. ÑéÖ¤²¹¶¡

ʹÓÃÒÔÏÂÏÂÁîÑéÖ¤ÈÝÆ÷ÊÇ·ñÒÑÀֳɴòÉϲ¹¶¡£º

docker inspect your-container | grep "Security"

µÇ¼ºó¸´ÖÆ

ÒÔÉϾÍÊÇdockerµÄÈÝÆ÷Ôõô´ò²¹¶¡µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±¹ÙÍøµÇ¼ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ