Open adampointer opened 7 years ago
yeah, I'd like to have auditd available too - I reckon it's well worth starting with your work - dare you to make some PRs :)
Dare accepted
As an aside, I've been working through the https://rancher.com/docs/rancher/v2.x/en/security/benchmark-2.3.5/ in relation to RancherOS, it seems that a lot of the remediations are a little unclear in regards to RancherOS, like /etc/kubernetes/manifests/ doesn't seem to exist? Where might one find this directory?
Hi,
Would it be possible to have auditd starting on boot? I realise it needs to be a process which runs alongside docker and system-docker and cannot be containerised, so it deviates a little from the ideal of having everything as a container. However, in order to make RancherOS comply with the CIS Docker benchmarks, having kernel auditing is a must-have, and makes running RancherOS in a PCI regulated environment an easier sell.
I have done some tinkering and found out a way to do this but it's probably quite hacky and it would be nice if this was officially part of the OS rather than a separately maintained fork. My approach was to add the audit package to the os-base package and then change the Dockerfile.dapper in rancher/os to pull my custom release of os-base containing the auditing tools. I then modified scripts/layout to include the required executables and dlls. Finally I added a new function to init.go to start it on boot.
I would be happy to share the code but I am sure you could do a better job without it!
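Once auditd is running on boot, the next question for a CIS Docker assessment is whether the expected file watches are actually loaded. The script below is an added illustration, not code from this issue or from RancherOS: it compares `auditctl -l` output against a list of Docker-related paths, and the path list and the sample rule output are constructed assumptions (a subset; check the benchmark version you are assessed against).

```shell
#!/bin/sh
# Added example, not part of rancher/os. Reports CIS Docker audit watches that
# are absent from a loaded auditd rule set.

# Assumption: illustrative subset of the paths the CIS Docker Benchmark asks
# to be watched. Adjust to the benchmark version in use.
CIS_DOCKER_WATCHES="/usr/bin/dockerd /var/lib/docker /etc/docker /etc/default/docker /etc/docker/daemon.json /usr/bin/containerd /usr/bin/runc"

# Constructed sample standing in for live `auditctl -l` output on a host where
# only three of the watches were loaded.
SAMPLE_RULES='-w /usr/bin/dockerd -p rwxa -k docker
-w /var/lib/docker -p rwxa -k docker
-w /etc/docker -p rwxa -k docker'

# missing_audit_watches RULES
# Prints, one per line, every required path with no matching "-w <path>" rule.
# Returns 0 when all watches are present, 1 when at least one is missing.
missing_audit_watches() {
    rules="$1"
    missing=""
    for path in $CIS_DOCKER_WATCHES; do
        # Anchor on the full path followed by a space or end of line, so a
        # watch on /etc/docker does not count for /etc/docker/daemon.json.
        pat="^-w $path( |\$)"
        if ! printf '%s\n' "$rules" | grep -qE -- "$pat"; then
            missing="$missing$path
"
        fi
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# On a real host replace the sample with: missing_audit_watches "$(auditctl -l)"
missing_audit_watches "$SAMPLE_RULES" || echo "audit watches missing (listed above)"
```

The function's exit status makes it usable as a boot-time or cron check that fails loudly when the rule set has drifted.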