proxychains apt install itguys:)

/usr/lib/proxychains3/proxyresolv: 17: dig: not found
|DNS-response|: api.ubuntu.org does not exist

The fact that container processes are visible from the host is one of the fundamental differences between container and virtual machines.

An attacker who gets access to the host can observe and affect all the containers running on that host, especially if they have root access.

Don't include anything in any layer of image that you aren't prepared to be seen by anyone who has access to the image.

Because tags can be moved from image to image, there is no guarantee that specifying an image by tag today will give you exactly the same result as it does tomorrow. In contrast, using the hash reference will give you the identical image, because the hash is defined from the contents of the image. Any change to the image results in a different hash.

switchport mode access
switchport access vlan <VLAN_ID>
switchport port-security

Use multi-stage builds

The multi-stage build is a way of eliminating unnecessary contents in the final image. An initial stage can include all the packages and toolchain required to build an image, but a lot of these tools are not needed at runtime. As an example, if you write an executable in Go, it needs the Go compiler in order to create an executable program. The container that runs the program doesn't need to have access to the Go compiler. In this example, it would be a good idea to break the build into a multi-stage build: one stage does the compilation and creates a binary executable; the next stage just has access to the standalone executable. The image that gets deployed has a much smaller attack surface; a nonsecurity benefit is that the image itself will also be smaller, so the time to pull the image is reduced.

Avoid unnecessary code

The smaller the amount of code in a container, the smaller the attack surface. Avoid adding packages, libraries, and executables into an image unless they are absolutely necessary.