On 4/28/23 14:48, Steve Grubb wrote:
On Friday, April 28, 2023 3:54:32 AM EDT 江杨 wrote:
May I ask if Auditd supports Docker? Thank you
https://listman.redhat.com/archives/linux-audit/2018-July/msg00078.html
There is no active work that I know of to put auditd in a container. Its
libraries are used by many applications. So, I don't know what use it would
be to containerize it.

And if you are asking if auditd can audit events in a container, I think that
answer is also no.

-Steve


--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit

I don't believe there is anything to prevent auditd from running within a container. You can turn up and down the container to many different levels of security separation. There will be some security things that need to be turned off.

Running a container privileged will turn off almost everything from a security perspective, and then running with some of the namespaces shared with the host.

Something like

podman run --privileged --network=host --pid=host ... auditimage

Should work.

Later tightening up the security should also be possible, but you would need to know what auditd needs access to.

With all that said, I am not sure what you are trying to achieve by containerizing the audit daemon.
