UBI
Definition
UBI, or Universal Base Image, is a lightweight, secure, and freely redistributable container image provided by Red Hat. It is designed to serve as a stable foundation for building containerized applications, ensuring compatibility with Red Hat Enterprise Linux (RHEL) while allowing developers to distribute their applications without requiring a RHEL subscription. UBI images include essential packages and libraries, making them suitable for a wide range of applications while maintaining a focus on security and compliance.
Secure Settings Example
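# Dockerfile using UBI with minimal privileges
FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
# Install necessary packages while the build still runs as root (the base image default)
RUN microdnf install -y httpd && microdnf clean all
# Let an unprivileged user run httpd: listen on a port above 1024 and own the runtime directories
RUN sed -i 's/^Listen 80$/Listen 8080/' /etc/httpd/conf/httpd.conf && \
    chown -R 1001:0 /run/httpd /var/log/httpd
# Set a non-root user for everything that runs after the build steps
USER 1001
# Set a secure entrypoint
ENTRYPOINT ["/usr/sbin/httpd", "-D", "FOREGROUND"]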
Insecure Settings Example
# Dockerfile using UBI with root privileges and unnecessary packages
FROM registry.access.redhat.com/ubi8/ubi:latest
# Install packages with root user
RUN yum install -y httpd php mysql && yum clean all
# Run the application as root
USER root
# Set an insecure entrypoint
ENTRYPOINT ["/bin/bash"]
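The contrast between the two Dockerfiles above can be checked mechanically before an image is built. The following is an added example, not part of the original page or of any Red Hat tooling: the function name `audit_dockerfile`, the finding strings and the two embedded sample Dockerfiles (based on the examples above) are assumptions made for illustration.

```python
import json
import re

SHELLS = {"/bin/sh", "/bin/bash", "sh", "bash"}

def audit_dockerfile(text):
    """Return findings for the settings this page contrasts (final stage only)."""
    base = user = entrypoint = None
    # Join backslash-continued lines, then walk the instructions in order.
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, arg = line.partition(" ")
        instr, arg = instr.upper(), arg.strip()
        if instr == "FROM":
            # A new build stage resets USER and ENTRYPOINT; skip flags like --platform.
            base = next((t for t in arg.split() if not t.startswith("--")), None)
            user = entrypoint = None
        elif instr == "USER":
            user = arg
        elif instr == "ENTRYPOINT":
            entrypoint = arg
    findings = []
    if base and "/ubi-minimal" not in base:
        findings.append("base image is not ubi-minimal: " + base)
    # Assumption: with no USER instruction the base image default applies (root for UBI).
    if user is None or user.split(":")[0] in ("root", "0"):
        findings.append("final USER is root")
    if entrypoint:
        try:
            argv0 = json.loads(entrypoint)[0]   # exec form, e.g. ["/bin/bash"]
        except (ValueError, IndexError, KeyError, TypeError):
            argv0 = entrypoint.split()[0]       # shell form
        if argv0 in SHELLS:
            findings.append("ENTRYPOINT is an interactive shell: " + argv0)
    return findings

# Constructed samples based on the two Dockerfiles on this page.
SECURE = """FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
RUN microdnf install -y httpd && microdnf clean all
USER 1001
ENTRYPOINT ["/usr/sbin/httpd", "-D", "FOREGROUND"]
"""
INSECURE = """FROM registry.access.redhat.com/ubi8/ubi:latest
RUN yum install -y httpd php mysql && yum clean all
USER root
ENTRYPOINT ["/bin/bash"]
"""
```

Calling `audit_dockerfile(INSECURE)` returns three findings, one per weakness in the insecure example, while `audit_dockerfile(SECURE)` returns an empty list.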