ataidesorg/rockylinux Docker 镜像 - 轩辕镜像 | Docker 镜像高效稳定拉取服务
ataidesorg/rockylinuxataidesorg
Security-hardened Rocky Linux image for mission-critical environments
下载次数: 0状态:社区镜像维护者:ataidesorg仓库类型:镜像最近更新:22 天前
Rocky Linux Hardened Images
Security-hardened Rocky Linux container images implementing DISA STIG controls, CIS benchmarks, and enterprise security best practices for mission-critical environments.
Quick Start
bash# Use latest version docker pull ataidesorg/rockylinux:latest docker run --rm -it ataidesorg/rockylinux:latest # Use specific version docker pull ataidesorg/rockylinux:10 docker run --rm -it ataidesorg/rockylinux:10 # Use as base image FROM ataidesorg/rockylinux:10 # Your application here
What's Hardened
System Security
- Non-root execution (UID/GID 1001)
- Minimal package installation (UBI micro-based)
- Disabled unnecessary services
- Secure file permissions (restrictive umask 077)
- Hardened kernel parameters
- SELinux enforcement ready
Network Security
- Firewall rules configured (firewalld)
- Network services disabled
- FIPS-compliant SSH configuration
- IPv6 disabled by default
- TCP hardening and SYN cookies
- Secure host key generation
Audit & Logging
- Comprehensive audit rules (150+ STIG controls)
- Security event logging (rsyslog)
- File integrity monitoring (AIDE)
- Access control logging
- Centralized log forwarding ready
Authentication & Access
- Strong password policies (15+ chars, complexity)
- Account lockout protection (3 attempts)
- PAM hardening with faillock
- Sudo restrictions and logging
- Session timeout (15 minutes)
- Root account disabled
***graphy
- FIPS 140-2 compliant algorithms
- Strong encryption defaults
- Secure key management
- TLS 1.2+ enforcement
- SHA-256/SHA-512 hashing only
Compliance Standards
All Rocky Linux hardened images meet:
- RHEL 9 DISA STIG: Compatible with RHEL 9 Security Technical Implementation Guide
- CIS Benchmarks: Center for Internet Security Rocky Linux benchmarks
- NIST 800-53: National Institute of Standards cybersecurity framework
- NIST 800-190: Container security guidelines
- FIPS 140-2: Federal ***graphic standards
- Common Criteria: Enterprise security requirements
STIG Controls Implemented
Category I (High Severity)
- V-257777: Operating system version compliance
- V-257896: Ctrl-Alt-Delete key sequence disabled
- V-257901: Non-privileged user execution
- V-257898-V-257910: Password policy enforcement
- V-257825-V-257835: Network security controls
Category II (Medium Severity)
- V-257777-V-257787: System configuration hardening
- V-257788-V-257820: Comprehensive audit logging
- V-257860-V-257869: ***graphic controls
- V-257848-V-257859: File permission security
Category III (Low Severity)
- V-257870-V-257885: System cleanup and optimization
- Additional hardening beyond STIG requirements
- Container-specific security adaptations
Enterprise Features
FIPS Compliance
- FIPS 140-2 *** policies enabled
- FIPS-approved SSH algorithms
- Strong TLS/SSL configuration
- Validated ***graphic modules
Audit Trail
- 150+ audit rules covering all STIG requirements
- Real-time security event monitoring
- File integrity monitoring with AIDE
- Comprehensive access logging
Access Control
- Role-based access control ready
- Strong authentication policies
- Session management and timeouts
- Privilege escalation controls
Building Locally
bash# Clone repository git clone [***] cd container-images python scripts/build.py --filter rocky # Run security validation docker run --rm -u root ataidesorg/rockylinux:10 /opt/compliance-check.sh
Enterprise Integration
Container Orchestration
yaml# Kubernetes deployment example apiVersion: apps/v1 kind: Deployment metadata: name: secure-app spec: template: spec: securityContext: runAsNonRoot: true runAsUser: 1001 containers: - name: app image: ataidesorg/rockylinux:10 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL
Docker Compose
yamlversion: '3.8' services: secure-service: image: ataidesorg/rockylinux:10 security_opt: - no-new-privileges:true read_only: true user: "1001:1001"
License
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
<[***]>
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Security
If you discover a security vulnerability do not open a public issue, instead send an email to ***
Support
For enterprise support, training, and custom hardening requirements, contact ***
Ataides - Forging the future of cybersecurity through open-source innovation.
rockylinux/rockylinux
rockylinux
社区支持的Linux发行版,基于Red Hat提供的RHEL源代码构建,功能兼容RHEL,移除上游厂商品牌与图标,免费可再分发,每个版本提供长达10年维护。
101 次收藏500万+ 次下载
14 天前更新
rockylinux
Docker 官方镜像
Rocky Linux 的官方版本是由 CentOS 创始人之一 Gregory Kurtzer 发起的企业级 Linux 发行版,旨在作为 CentOS 停更后的替代方案,与 Red Hat Enterprise Linux(RHEL)完全兼容,提供稳定可靠的操作系统环境,支持长期维护,广泛适用于服务器部署及各类企业级应用场景,延续了 CentOS 社区对开源稳定系统的需求满足。
315 次收藏1000万+ 次下载
1 年前更新
rockylinux/rocky-toolbox
rockylinux
Rocky Linux工具箱镜像,提供开发及运维所需工具集,支持在容器环境中便捷使用。
2 次收藏1万+ 次下载
2 个月前更新
unidata/rockylinux
unidata
暂无描述
604 次下载
9 个月前更新
amd64/rockylinux
amd64
Rocky Linux官方Docker镜像,基于Red Hat Enterprise Linux源代码构建,提供社区支持的、与RHEL功能兼容的Linux环境,适用于容器化应用部署。
2 次收藏10万+ 次下载
1 年前更新
litmusimage/rockylinux
litmusimage
暂无描述
5万+ 次下载
23 天前更新
镜像拉取常见问题
使用与功能问题
错误码与失败问题
manifest unknown 错误:镜像不存在或标签错误
manifest unknown 错误
TLS/SSL 证书验证失败:Docker pull 时 HTTPS 证书错误
TLS 证书验证失败
DNS 解析超时:无法解析镜像仓库地址或连接超时
DNS 解析超时
410 Gone 错误:Docker 版本过低导致协议不兼容
410 错误:版本过低
402 Payment Required 错误:流量耗尽错误提示
402 错误:流量耗尽
401 UNAUTHORIZED 错误:身份认证失败或登录信息错误
身份认证失败错误
429 Too Many Requests 错误:请求频率超出专业版限制
429 限流错误
Docker login 凭证保存错误:Cannot autolaunch D-Bus(不影响登录)
凭证保存错误
账号 / 计费 / 权限
用户好评
来自真实用户的反馈,见证轩辕镜像的优质服务
oldzhang
运维工程师
Linux服务器
5
"Docker访问体验非常流畅,大镜像也能快速完成下载。"