Prompt #147

Docker Compose Service Audit FU5
Analysis · openai/gpt-4.1
4/5
Variables
-
Tags
stack-aware,docker,compose,fu5,security,audit
Source
research-2026-05-01-stack-aware
Use count
0
Created
2026-05-01T18:30:48.776731+00:00
Updated
2026-05-01T18:30:48.776731+00:00

Content

Audit Docker Compose services for FU5 docker.sock exposure and other security issues.

Compose files to audit:
- /nvmetank1/docker/ai-stack.yml (yoga + support services)
- /nvmetank1/projects/rag-stack/docker-compose.yml (rag-stack:8801)

For each service check:
1. FU5: volumes must NOT include /var/run/docker.sock (CRITICAL)
2. Network mode: --network host exposes all ports; document each service using it
3. Env vars: no secrets hardcoded (AP3 secret-scan patterns)
4. Port bindings: services bound to 0.0.0.0 are LAN-accessible; compare with intended exposure
5. Image tags: no :latest tags in production services (pinned digest preferred)
6. Restart policy: must be unless-stopped or always for production services

Output: service | sock_exposed | network_mode | hardcoded_secrets | open_ports | issues
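The six checks above, as an added example that is not part of the prompt or of the audited stacks: a Python audit that runs over an already-parsed Compose file and emits one row per service in the prompt's output columns. The Compose dict, the service names and values in it, and the simple secret regex standing in for the AP3 patterns are constructed assumptions for the demo.

```python
import re
SOCK = "/var/run/docker.sock"
# Stand-in for the AP3 secret-scan patterns (assumption); needs a value, so "KEY=" or bare "KEY" is not flagged.
SECRET_RE = re.compile(r"(?i)(password|secret|token|api[_-]?key)\s*=\s*\S+")

# Constructed Compose data, shaped as yaml.safe_load() returns it; names and values are demo only.
COMPOSE = {"services": {
    "yoga": {"image": "ghcr.io/example/yoga:latest",
             "volumes": ["/var/run/docker.sock:/var/run/docker.sock", "./data:/data"],
             "network_mode": "host",
             "environment": ["OPENAI_API_KEY=sk-constructed-demo", "LOG_LEVEL=info"],
             "restart": "unless-stopped"},
    "rag-stack": {"image": "example/rag-stack@sha256:" + "0" * 64, "restart": "no",
                  "ports": ["0.0.0.0:8801:8801", "127.0.0.1:9000:9000"], "environment": {"RAG_DEBUG": "0"}},
}}

def env_items(env):
    """Compose accepts environment as a KEY=VAL list or a mapping; normalise to KEY=VAL strings."""
    return [f"{k}={v}" for k, v in env.items()] if isinstance(env, dict) else list(env or [])
def volume_source(v):
    """Short syntax 'src:dst[:opts]' or long syntax {'type': ..., 'source': ...}."""
    return v.get("source", "") if isinstance(v, dict) else str(v).split(":")[0]
def host_exposed_ports(ports):
    """Host ports reachable from the LAN: 'HOST:CONT' binds 0.0.0.0 implicitly, 'IP:HOST:CONT' explicitly."""
    out = []
    for p in ports:
        parts = str(p).split(":")
        bind_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
        if bind_ip in ("0.0.0.0", "::"):
            out.append(parts[1] if len(parts) == 3 else parts[0])
    return out

def audit_service(name, svc):
    sock = any(volume_source(v) == SOCK for v in svc.get("volumes", []))  # FU5
    net = svc.get("network_mode", "bridge")
    secrets = [e.split("=", 1)[0] for e in env_items(svc.get("environment")) if SECRET_RE.search(e)]
    open_ports = host_exposed_ports(svc.get("ports", []))
    image = svc.get("image", "")
    checks = [
        (sock, "CRITICAL: docker.sock mounted, container can drive the host daemon"),
        (net == "host", "host network: every listening port is exposed"),
        (bool(secrets), "hardcoded secrets: " + ",".join(secrets)),
        (bool(open_ports), "LAN-reachable ports: " + ",".join(open_ports)),
        (image.endswith(":latest") or ":" not in image.rsplit("/", 1)[-1], "unpinned image (untagged means :latest)"),
        (svc.get("restart") not in ("unless-stopped", "always"), "restart policy is not unless-stopped/always"),
    ]
    return {"service": name, "sock_exposed": sock, "network_mode": net, "hardcoded_secrets": secrets,
            "open_ports": open_ports, "issues": [msg for hit, msg in checks if hit]}
def audit(compose):  # one row per service, in the prompt's output columns
    return [audit_service(n, s) for n, s in compose.get("services", {}).items()]
```

Replace `COMPOSE` with `yaml.safe_load(open(path))` for each file listed above to run it against the real stacks.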