3. Dockerized ELK stack with some maintenance scripts for a bare metal host or virt...

Dockerized ELK stack with some maintenance scripts for a bare metal host or virtual machine. It has great documentation.

Why docker?

Why not? Docker (and the general ecosystem that has been built around it the last fear years) is a great way to run stateless applications.

Container are a lot less secure because you need to run as root.

You don't run the docker container as root (unless you're running privileged containers but that's not the case here). The user inside the container may be root but that is a different issue (and bad practice)

With less secureity comes greater ability to get hacked.

Why are you exposing your ELK stack to the outside world? Someone would have to breach your network, get an RCE on ElasticSearch, Logstash, or Kibana (not unheard of to be fair), then break out of the container onto the container host. Note the first step, get into your network.

you are almost directly handing your credentials over to underground red hat hackers.

Those pesky hackers.

To me containers have no business in the current state of linux servers.

Why?

They provide no security benefits

Docker/containers are not a security mechanism, they never have been. The recent moves towards containerization are bout process isolation not security.

and are too new to work prroperly under load.

You have literally no idea what you are talking about.

Now just to be clear, I'm not a Docker fanboy. Docker isn't perfect, containers in general are not perfect but they do what they advertise very well (process isolation). They are not "lightweight" VMs, they are not meant to be used in lieu of standard security processes, and they certainly have issues but spreading badly typed FUD does no one any favours.

/r/sysadmin Thread Parent Link - github.com
Previous
Next

Recently removed from /r/sysadmin

I know of a crazy vulnerable Exchange server at my old work. What to do? Details inside. Intune Windows LAPS - Configuration Profile Applies Successfully, Yet Nothing Happens...Why? Woman starting in IT next month. Should I be worried or not? How to run a meaningful CyberSecurity Risk Workshop/Assesment Amazon Outage I don't know what I'm doing and I need help What's the point of using BitLocker with TPM instead of password when someone can always access your computer without entering a password on boot? How many of you despise IoT? Onboarding 1200 New Users - how to communicate passwords? Gen Z also doesn't understand desktops. after decades of boomers going "Y NO WORK U MAKE IT GO" it's really, really sad to think the new generation might do the same thing to all of us Modern SQL Express Backup Solution [GA] Employee claims she can't use Microsoft Windows for "Religious Reasons" So I got a "correctional talk" yesterday. Rant about new age "senior" IT "specialists" who don't know how to wipe their butt. Do you think remote work is slowly dying? Most companies seem to be pushing RTO, even big tech you folks think ?

More Random Comments

Barrett declines to say whether a president can unilaterally delay election California poised to reject affirmative action measure despite summer of activism Is race and intelligence actually related? Riot August was promoted to Principal Game Designer New [VID] and [AUD] releases this week that are way too much fun! Cum and enjoy them, or something custom! James shit-talks PENTA (real nasty stuff) When did a feeling of "we need to get out of here immedietally" save you? [D] understanding the advantages of "parallel computing" What is a clear sign that someone liked you, but you didn't realize until later? So why were cabal on the moon? Trump now more likely to lose Texas than win election, FiveThirtyEight models show Blizzard France going on strike tomorrow CV Review for Germany: workstudent/internships/junior Mixing Buddhism with other spiritual systems - let's talk in depth Thread Diario de Dudas, Consultas y Mitaps - 13/10