Security

Recently, Bitnami announced that secure container images would only be available under a paid plan, and that they would stop maintaining most of their previous images, except for a few open-source projects. Bitnami container images are based on the minideb image, which includes fewer packages than a standard Debian image. I started wondering whether I could replace this with a Distroless image built using Bazel and maintain it myself.This blog explains how minideb and Distroless images are built.

I stumbled upon the PASETO specification. At first glance, it offers better security for a system. I researched it to figure out if it could bring any advantages to my system, which is built with Node.js and authenticates using bearer tokens.

OpenSCAP으로 Ubuntu20.04 이미지를 사용하는 가상서버의 취약점 리포트를 만들어보고, 보고된 취약점이 패치된 커널 버전으로 업그레이드 하여 해당 이슈를 해결해보았다. 이렇게 업그레이드 된 커널과 패키지들이 정상적으로 작동하는지 확인하고 사용할 수 있는 파이프라인을 만드는 것도 나중에 고민해봐야겠다.