{"id":23034157,"url":"https://github.com/autostructure/harden_docker","last_synced_at":"2026-06-08T14:32:11.251Z","repository":{"id":136317241,"uuid":"103975861","full_name":"autostructure/harden_docker","owner":"autostructure","description":"Hardens a docker host.","archived":false,"fork":false,"pushed_at":"2018-04-19T01:05:20.000Z","size":43,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-01-04T17:41:11.867Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/autostructure.png","metadata":{"files":{"readme":"README.markdown","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-18T18:24:45.000Z","updated_at":"2024-07-04T20:39:08.000Z","dependencies_parsed_at":null,"dependency_job_id":"fc7b7614-7fcd-4a11-b637-cb27141ff6ae","html_url":"https://github.com/autostructure/harden_docker","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/autostructure/harden_docker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Fharden_docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Fharden_docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Fharden_docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Fharden_docker/manifests","owner_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/owners/autostructure","download_url":"https://codeload.github.com/autostructure/harden_docker/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Fharden_docker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34067348,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-15T16:29:36.757Z","updated_at":"2026-06-08T14:32:11.233Z","avatar_url":"https://github.com/autostructure.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/autostructure/harden_docker.svg?branch=master)](https://travis-ci.org/autostructure/harden_docker)\n[![Puppet Forge](https://img.shields.io/puppetforge/v/autostructure/harden_docker.svg)](https://forge.puppetlabs.com/autostructure/harden_docker)\n[![Puppet Forge](https://img.shields.io/puppetforge/f/autostructure/harden_docker.svg)](https://forge.puppetlabs.com/autostructure/harden_docker)\n\n#### Table of Contents\n\n1. [Overview](#overview)\n2. [Module Description - What the module does and why it is useful](#module-description)\n3. 
[Setup - The basics of getting started with harden_docker](#setup)\n    * [What harden_docker affects](#what-harden_docker-affects)\n    * [Setup requirements](#setup-requirements)\n    * [Beginning with harden_docker](#beginning-with-harden_docker)\n4. [Usage - Configuration options and additional functionality](#usage)\n5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)\n6. [Limitations - OS compatibility, etc.](#limitations)\n7. [Development - Guide for contributing to the module](#development)\n\n## Overview\n\nHardens a Docker installation. Please note: this does NOT install Docker. It does not harden images or containers.\n\n## Module Description\n\nOne of Puppet's biggest strengths is securing and enforcing your environment. If you decide to run Docker it's very important you secure its\nconfiguration files and daemon.\n\nDocker is a great product, but it is open to exploitation by savvy hackers. This module will help ensure:\n\n* Common-sense hardening rules are enforced\n* Basic rules to help network performance between containers\n\n## Setup\n\n### What harden_docker affects\n\n* Configuration files and directories\n* Docker daemon configuration\n  * **Warning** A daemon change will restart dockerd. 
But, only if the service is managed elsewhere.\n* Auditing rules for configuration files and directories\n\n### Setup Requirements\n\nThis module requires that Docker already be installed.\n\n### Beginning with harden_docker\n\nTo have Puppet harden docker with the default parameters, declare the [`harden_docker`][] class:\n\n``` puppet\nclass { 'harden_docker': }\n```\n\n## Usage\n\nYou can choose to turn off management of the files and configurations harden_docker manages.\n\nIf you are using Swarm you will want to turn off management of live-restore.\n\n``` puppet\nclass { 'harden_docker':\n  enable_live_restore =\u003e false,\n}\n```\n\n## Reference\n\n- [**Public classes**](#public-classes)\n    - [Class: harden_docker](#class-harden_docker)\n- [**Private classes**](#private-classes)\n    - [Class: harden_docker::config](#class-harden_dockerconfig)\n    - [Class: harden_docker::config_auditd](#class-harden_dockerconfig_auditd)\n    - [Class: harden_docker::config_daemon](#class-harden_dockerconfig_daemon)\n\n\n### Public Classes\n\n#### Class: `harden_docker`\n\nHardens a Docker installation. Please note: this does NOT install Docker. It also does not harden images or containers.\n\n##### `restrict_network_traffic_between_containers`\n\nDisables inter-container communication.\n\nValues: true, false\n\nDefault: `true`\n\n##### `set_the_logging_level`\n\nSet the logging level (\"debug\", \"info\", \"warn\", \"error\", \"fatal\") or false to turn off management (default \"info\")\n\nValues: false, \"debug\", \"info\", \"warn\", \"error\", \"fatal\"\n\nDefault: `info`\n\n##### `allow_docker_to_make_changes_to_iptables`\n\nEnable addition of iptables rules.\n\nValues: true, false\n\nDefault: `true`\n\n##### `disable_operations_on_legacy_registry`\n\nDisables contacting legacy registries.\n\nValues: true, false\n\nDefault: `true`\n\n##### `enable_live_restore`\n\nEnables live restore of docker when containers are still running. 
Do not use with Swarm.\n\nValues: true, false\n\nDefault: `true`\n\n##### `disable_userland_proxy`\n\nDisables use of userland proxy for loopback traffic.\n\nValues: true, false\n\nDefault: `true`\n\n## Limitations\n\nCurrently only supports Linux operating systems.\n\n## Development\n\nFeel free to pull and contribute.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fautostructure%2Fharden_docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fautostructure%2Fharden_docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fautostructure%2Fharden_docker/lists"}