by raesene9 1710 days ago
Yep, I've always had read-only root filesystems down as a good control, and one that's often not too tough to implement.

Another favourite of mine would be using multi-stage builds and minimal base images in production (FROM scratch, where possible). Having limited or no tooling in the running container makes an attacker's life trickier for sure.


The distroless static images are pretty good. It’s essentially scratch plus certificate authority roots of trust.
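The two comments above describe one build pattern: compile with a full toolchain in a throwaway stage, then copy only the binary into a final image that is either `scratch` or distroless static, and run the result on a read-only root filesystem. The Dockerfile below is an added example illustrating that pattern; it is not code from either commenter or from the distroless project. It assumes a Go module in the build context with a hypothetical entrypoint at `./cmd/server`, and that the service only needs outbound TLS (hence the CA roots distroless static carries).

```dockerfile
# Added example (not from the thread). Assumes a Go module in the build
# context whose main package lives at ./cmd/server (hypothetical path).

# --- stage 1: build with the full toolchain, which never ships ---
FROM golang:1.22 AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# CGO disabled so the binary is statically linked and needs no libc,
# shell or other runtime files in the final image.
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" \
    -o /out/server ./cmd/server

# --- stage 2: minimal runtime image ---
# distroless static is essentially scratch plus CA root certificates and an
# /etc/passwd defining a nonroot user. If the service makes no outbound TLS
# connections, "FROM scratch" works here too; then there is no shell, no
# package manager and no CA bundle for an attacker to reuse.
FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=build /out/server /server
USER nonroot:nonroot
ENTRYPOINT ["/server"]
```

To pair this with the first commenter's read-only root filesystem, start the container as `docker run --read-only --tmpfs /tmp --cap-drop ALL --security-opt no-new-privileges <image>` (or set `securityContext.readOnlyRootFilesystem: true` in a Kubernetes pod spec). The `--tmpfs /tmp` mount is the caveat to check first: a process that writes scratch files to `/tmp` will fail at startup on a read-only root, so give it an explicit writable tmpfs rather than loosening the whole filesystem. A quick check that the image really carries no tooling is that `docker run --rm --entrypoint /bin/sh <image>` fails with "no such file or directory".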