
Hardening a GeoNode Project – Some considerations about container security and optimization

Formal Metadata

Title
Hardening a GeoNode Project – Some considerations about container security and optimization
Title of Series
Number of Parts
351
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language
Production Year
2022

Content Metadata

Subject Area
Genre
Abstract
GeoNode, according to the project's website, is a platform for managing and publishing geospatial data. It brings together mature and stable open source software projects into a consistent, easy-to-use interface, allowing non-specialist users to share data and create interactive maps. In Brazil, use of GeoNode is growing, mainly in governmental institutions and universities. One of the main ways of installing and configuring GeoNode is the so-called GeoNode Project. It consists of a custom Django project template which contains, in addition to the main project files, a set of Dockerfiles for GeoNode components such as GeoServer, Nginx (reverse proxy) and PostGIS. A detailed analysis of the components of a generated GeoNode Project found that the original Dockerfiles contain a series of security holes as well as packages that are unnecessary for running the stack, which is not recommended for production environments. A Dockerfile that follows best practices avoids running privileged containers (as root), unnecessary packages, leaked credentials such as mail passwords or database DSNs, and anything else that could be used in an attack. Removing known risks in advance reduces security management work and service overhead. The objective of this talk is to discuss the possible security holes found in the GeoNode Project and, by applying Dockerfile best practices, to make it leaner and safer for production environments. For demonstration purposes, an example project will be hosted on GitHub: geonode-br/hardening-geonode-docker.
Keywords