vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2025-12-07 01:26:11 -08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
00a47ab5d36b52ef413b05920373713b25f37cc4
NetAlertX/docs/docker-troubleshooting/excessive-capabilities.md
Adam Outler 5b871865db /data and /tmp standarization
2025-11-09 17:03:25 +00:00

1.3 KiB
Raw Blame History

Excessive Capabilities

Issue Description

Excessive Linux capabilities are detected beyond the necessary NET_ADMIN, NET_BIND_SERVICE, and NET_RAW. This may indicate overly permissive container configuration.

Security Ramifications

While the detected capabilities might not directly harm operation, running with more privileges than necessary increases the attack surface. If the container is compromised, additional capabilities could allow broader system access or privilege escalation.

Why You're Seeing This Issue

This occurs when your Docker configuration grants more capabilities than required for network monitoring. The application only needs specific network-related capabilities for proper function.

How to Correct the Issue

Limit capabilities to only those required:

  • In docker-compose.yml, specify only needed caps: 
    cap_add:
  - NET_RAW
  - NET_ADMIN
  - NET_BIND_SERVICE
  • Remove any unnecessary --cap-add or --privileged flags from docker run commands

Additional Resources

Docker Compose setup can be complex. We recommend starting with the default docker-compose.yml as a base and modifying it incrementally.

For detailed Docker Compose configuration guidance, see: DOCKER_COMPOSE.md