I am only beginning to play with docker and reading about security practices.
Is there any benefit in actually creating a different nginx user? Can someone just brute-force default username?
The question is coming from my experiences, I have a VPS setup and noticed a constant barrage of attempts to login as www-data (default for apache?), etc. other "common' names?
That's a good question which someone might know a better answer.
Do you mean logging into the website hosted inside an nginx container or trying to get SSH access to container itself? Since container is very isolated by nature and in our example there is no SSH server running there's no logging into it directly. You have to have a real vulnerability in application to be at risk.
Is there a way to log in to nginx in a container? You might be right saying that there is no SSH server so no incoming connection, yet people are breaking apache/nginx and gain access to the machine?
Hi,
I am only beginning to play with docker and reading about security practices.
Is there any benefit in actually creating a different nginx user? Can someone just brute-force default username?
The question is coming from my experiences, I have a VPS setup and noticed a constant barrage of attempts to login as www-data (default for apache?), etc. other "common' names?
That's a good question which someone might know a better answer.
Do you mean logging into the website hosted inside an nginx container or trying to get SSH access to container itself? Since container is very isolated by nature and in our example there is no SSH server running there's no logging into it directly. You have to have a real vulnerability in application to be at risk.
Is there a way to log in to nginx in a container? You might be right saying that there is no SSH server so no incoming connection, yet people are breaking apache/nginx and gain access to the machine?
Directly, no. You would have to access the host node running the container. If the host gets compromised then the game is lost, more or less.