diff --git a/auditd/etc/audit/rules.d/docker.rules b/auditd/etc/audit/rules.d/docker.rules
new file mode 100644
index 0000000..80b6380
--- /dev/null
+++ b/auditd/etc/audit/rules.d/docker.rules
@@ -0,0 +1,13 @@
+-w /etc/docker -k docker
+-w /etc/default/docker -k docker
+-w /etc/docker/daemon.json -k docker
+-w /etc/containerd/config.toml -k docker
+-w /lib/systemd/system/docker.service -k docker
+-w /lib/systemd/system/docker.socket -k docker
+-w /run/containerd -k docker
+-w /usr/bin/containerd -k docker
+-w /usr/bin/containerd-shim -k docker
+-w /usr/bin/containerd-shim-runc-v1 -k docker
+-w /usr/bin/containerd-shim-runc-v2 -k docker
+-w /usr/bin/runc -k docker
+-w /var/lib/docker -k docker
diff --git a/docker/etc/docker/daemon.json b/docker/etc/docker/daemon.json
index cee3a96..a0dc279 100644
--- a/docker/etc/docker/daemon.json
+++ b/docker/etc/docker/daemon.json
@@ -1,4 +1,16 @@
 {
- "userland-proxy": false,
- "icc": false
+ "default-ulimits": {
+ "nofile": {
+ "Hard": 8192,
+ "Name": "nofile",
+ "Soft": 4096
+ }, "nproc": {
+ "Hard": 4096,
+ "Name": "nproc",
+ "Soft": 2048
+ }
+ },
+ "icc": false,
+ "no-new-privileges": false,
+ "userland-proxy": false
 }
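Review bot: Every `-w` rule in this hunk omits `-p`, which leaves auditctl's default of watching all access types (read, write, execute, attribute change) in effect; on `/var/lib/docker` and `/run/containerd` that turns routine container layer I/O and CLI socket traffic into a flood of audit events that can swamp the log and bury the tampering signal these rules exist to capture. For the configuration paths and the `/var/lib/docker` tree, restricting to write and attribute changes (e.g. `-w /var/lib/docker -p wa -k docker`) keeps the integrity signal while dropping the read noise; the binaries under `/usr/bin` can reasonably keep `x` as well so executions are recorded. The `/etc/docker/daemon.json` watch on the third line is already covered by the directory watch on `/etc/docker` on the first line, so it is redundant. The list watches containerd, the shims and runc but not the Docker daemon binary itself; if dockerd lives at `/usr/bin/dockerd` on these hosts, a matching `-w /usr/bin/dockerd -p wa -k docker` line would close that gap.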
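Review bot: `"no-new-privileges": false` on the new side explicitly turns off a hardening option next to `icc` and `userland-proxy`, which are both set to their hardening value; since `false` is already the daemon default, the line only documents that container processes may still gain privileges through setuid binaries and file capabilities, so it reads like an oversight rather than a decision. Unless images in this deployment depend on privilege gain at runtime, `"no-new-privileges": true` is the intended pairing with the other two keys. Separately, the `}, "nproc": {` line folds the closing brace of the nofile object and the start of the nproc object onto one line while every other brace gets its own, which is worth normalising to `},` and `"nproc": {` on two lines. Also worth confirming that `nproc` behaves as intended here: as I recall, the kernel applies that limit per uid rather than per container, so the 2048/4096 values cap the total for a uid across all containers that share it.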