From 20071340f02527840ff55052968fe8a6a4c8017b Mon Sep 17 00:00:00 2001
From: Claudio Maradonna
Date: Thu, 22 Sep 2022 15:45:18 +0200
Subject: [PATCH] add auditd docker rules
---
auditd/etc/audit/rules.d/docker.rules | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 auditd/etc/audit/rules.d/docker.rules
diff --git a/auditd/etc/audit/rules.d/docker.rules b/auditd/etc/audit/rules.d/docker.rules
new file mode 100644
index 0000000..80b6380
--- /dev/null
+++ b/auditd/etc/audit/rules.d/docker.rules
@@ -0,0 +1,13 @@
+-w /etc/docker -k docker
+-w /etc/default/docker -k docker
+-w /etc/docker/daemon.json -k docker
+-w /etc/containerd/config.toml -k docker
+-w /lib/systemd/system/docker.service -k docker
+-w /lib/systemd/system/docker.socket -k docker
+-w /run/containerd -k docker
+-w /usr/bin/containerd -k docker
+-w /usr/bin/containerd-shim -k docker
+-w /usr/bin/containerd-shim-runc-v1 -k docker
+-w /usr/bin/containerd-shim-runc-v2 -k docker
+-w /usr/bin/runc -k docker
+-w /var/lib/docker -k docker
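Review bot: None of the thirteen watches carries a `-p` filter, so auditctl falls back to all four access types (read, write, execute, attribute change); on the recursive directory watches `/var/lib/docker` and `/run/containerd` that records every read of layer and runtime-state files and can flood the log or overflow the audit backlog, dropping the events that matter. Consider restricting config, unit and data paths to changes, e.g. `-w /var/lib/docker -p wa -k docker`, and keeping `x` only where execution of a binary is itself worth recording. The set covers the containerd and runc binaries but not the Docker daemon binary or its API socket; if this host runs dockerd, `-w /usr/bin/dockerd -p wa -k docker` plus a watch on the daemon socket would close that gap. The `/etc/docker/daemon.json` line is already covered by the recursive watch on `/etc/docker`, and a single shared key `docker` means `ausearch -k` cannot separate config tampering from binary replacement, so distinct keys per group would help triage.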