Use predefined hardening settings to harden and optimize your container image based on your organization's risk tolerance.
Overview

RapidFort offers several hardening presets for customizing how your workloads are hardened.

- Light: Remove unused packages with high and critical severity vulnerabilities. This will keep unused packages with medium, low, and unknown severity vulnerabilities.

  `rfharden <stub_image> --preset light`

- Standard: Remove unused packages with known vulnerabilities. This will keep unused packages with no known vulnerabilities.

  `rfharden <stub_image> --preset standard`

- Aggressive (default): Remove all unused packages. Use it or lose it!

  `rfharden <stub_image> --preset aggressive`

The latest Redis image from Docker Hub has 81 vulnerabilities and a size of 116.8 MB. After profiling the runtime behavior of the application, the image was hardened with each preset:

Preset | Vulnerabilities | % Reduction (vulnerabilities) | Hardened Size | % Reduction (size) |
---|---|---|---|---|
light | 26 | 67.9 % | 56.2 MB | 51.9 % |
standard | 8 | 90.1 % | 42.9 MB | 63.3 % |
aggressive | 8 | 90.1 % | 25.8 MB | 77.9 % |

You may harden a stub image as many times as necessary, so if a preset does not fit your needs, simply harden the stub image again using a different preset.
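
The preset rules above can be modelled as a per-package decision, which also shows why standard and aggressive end with the same vulnerability count but different sizes: once every unused package is gone, the findings left are in packages the workload uses. This is an added illustration, not RapidFort's implementation; the `Package` type, function names and inventory are hypothetical, and it assumes the light preset removes an unused package if any of its findings is high or critical.

```python
"""Model of the hardening preset rules (illustrative, not RapidFort code)."""
from dataclasses import dataclass, field


@dataclass
class Package:
    name: str
    size_mb: float
    used: bool  # observed in the runtime profile of the stub image
    severities: list = field(default_factory=list)  # one entry per known vuln


def removed_by(preset: str, pkg: Package) -> bool:
    """Return True if the preset's rule removes this package."""
    if pkg.used:
        return False  # every preset only ever removes unused packages
    if preset == "light":
        # Assumption: one high/critical finding is enough to remove it.
        return any(s in ("high", "critical") for s in pkg.severities)
    if preset == "standard":
        return bool(pkg.severities)  # any known vulnerability
    if preset == "aggressive":
        return True  # unused means removed, vulnerable or not
    raise ValueError(f"unknown preset: {preset}")


def harden(preset: str, inventory: list) -> dict:
    """Apply a preset to an inventory and summarise what remains."""
    kept = [p for p in inventory if not removed_by(preset, p)]
    return {
        "kept": [p.name for p in kept],
        "vulns": sum(len(p.severities) for p in kept),
        "size_mb": round(sum(p.size_mb for p in kept), 1),
    }


# Constructed inventory; names, sizes and severities are illustrative only.
INVENTORY = [
    Package("app-runtime", 20.0, True, ["medium", "low"]),
    Package("unused-crit", 30.0, False, ["critical", "low"]),
    Package("unused-med", 10.0, False, ["medium"]),
    Package("unused-unknown", 5.0, False, ["unknown"]),
    Package("unused-clean", 15.0, False, []),
]

if __name__ == "__main__":
    for preset in ("light", "standard", "aggressive"):
        print(preset, harden(preset, INVENTORY))
```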