diff --git a/auditd/etc/audit/rules.d/docker.rules b/auditd/etc/audit/rules.d/docker.rules
new file mode 100644
index 0000000..80b6380
--- /dev/null
+++ b/auditd/etc/audit/rules.d/docker.rules
@@ -0,0 +1,13 @@
+-w /etc/docker -k docker
+-w /etc/default/docker -k docker
+-w /etc/docker/daemon.json -k docker
+-w /etc/containerd/config.toml -k docker
+-w /lib/systemd/system/docker.service -k docker
+-w /lib/systemd/system/docker.socket -k docker
+-w /run/containerd -k docker
+-w /usr/bin/containerd -k docker
+-w /usr/bin/containerd-shim -k docker
+-w /usr/bin/containerd-shim-runc-v1 -k docker
+-w /usr/bin/containerd-shim-runc-v2 -k docker
+-w /usr/bin/runc -k docker
+-w /var/lib/docker -k docker
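Review bot: None of the thirteen watches sets a `-p` filter, so each falls back to auditctl's default of all access types (read, write, execute, attribute change). On the recursive directory watches `/var/lib/docker` and `/run/containerd` this records ordinary container I/O, and the volume can overflow the audit backlog so that the tamper events these rules exist for are lost. Narrowing the config and data paths to changes only, e.g. `-w /var/lib/docker -p wa -k docker`, and keeping `x` only on binaries where execution records are wanted, would make the key usable for alerting. The file also covers the containerd and runc binaries but not the Docker daemon binary itself; if it is installed at the usual location on these hosts, a line such as `-w /usr/bin/dockerd -p wa -k docker` closes that gap. The `/etc/docker/daemon.json` watch is already covered by the recursive watch on `/etc/docker` and could carry a comment saying it is kept deliberately.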