forked from konstruktoid/hardening
audit-docker.rules
# Docker configuration and tools
#
# auditd rules for the Docker data directory, daemon configuration, systemd
# units, engine/runtime binaries and the API socket. Every rule carries the
# key "docker", so the resulting events can be retrieved with
# `ausearch -k docker`.
#
# NOTE(review): the paths below span several distributions and Docker
# packaging generations (/etc/default vs /etc/sysconfig, docker-runc vs runc),
# so not all of them will exist on one host. A rule whose path cannot be
# resolved may be rejected at load time, and auditctl stops reading a rules
# file at the first rejected rule unless it is run with -c or -i. Compare the
# output of `auditctl -l` with this file after loading.
#
# Data root, written in syscall form on the exit list. perm=war selects
# write, attribute-change and read access.
# NOTE(review): path= names a single filesystem object, while dir= is the
# field that covers a subtree. As written this rule presumably does not
# report on files below /var/lib/docker. Confirm that this narrower scope is
# intended (dir= on the data root would be far noisier).
-a exit,always -F path=/var/lib/docker -F perm=war -k docker
#
# Daemon configuration files and directories. -p rwxa records read, write,
# execute and attribute-change access. A -w watch placed on a directory
# (e.g. /etc/docker) covers the directory's contents as well.
-w /etc/default/docker -p rwxa -k docker
-w /etc/docker -p rwxa -k docker
-w /etc/sysconfig/docker -p rwxa -k docker
-w /etc/sysconfig/docker-network -p rwxa -k docker
-w /etc/sysconfig/docker-registry -p rwxa -k docker
-w /etc/sysconfig/docker-storage -p rwxa -k docker
#
# systemd unit and socket files: administrator overrides in /etc and
# package-provided units in /lib.
-w /etc/systemd/system/docker-registry.service -p rwxa -k docker
-w /etc/systemd/system/docker.service -p rwxa -k docker
-w /lib/systemd/system/docker-registry.service -p rwxa -k docker
-w /lib/systemd/system/docker.service -p rwxa -k docker
-w /lib/systemd/system/docker.socket -p rwxa -k docker
#
# Engine, containerd, runc and rootless helper binaries. With x and r in the
# permission set, every execution and read of these files is logged in
# addition to modification.
# NOTE(review): expect high event volume on busy container hosts. Check
# log rotation and backlog settings against it.
-w /usr/bin/containerd -p rwxa -k docker
-w /usr/bin/containerd-shim -p rwxa -k docker
-w /usr/bin/containerd-shim-runc-v1 -p rwxa -k docker
-w /usr/bin/containerd-shim-runc-v2 -p rwxa -k docker
-w /usr/bin/ctr -p rwxa -k docker
-w /usr/bin/docker -p rwxa -k docker
-w /usr/bin/docker-containerd -p rwxa -k docker
-w /usr/bin/docker-containerd-ctr -p rwxa -k docker
-w /usr/bin/docker-containerd-shim -p rwxa -k docker
-w /usr/bin/docker-init -p rwxa -k docker
-w /usr/bin/docker-proxy -p rwxa -k docker
-w /usr/bin/docker-runc -p rwxa -k docker
-w /usr/bin/dockerd -p rwxa -k docker
-w /usr/bin/dockerd-ce -p rwxa -k docker
-w /usr/bin/rootlesskit -p rwxa -k docker
-w /usr/bin/rootlesskit-docker-proxy -p rwxa -k docker
-w /usr/bin/runc -p rwxa -k docker
#
# Package-provided units under /usr/lib (the same unit names as the /lib
# entries above).
-w /usr/lib/systemd/system/docker-registry.service -p rwxa -k docker
-w /usr/lib/systemd/system/docker.service -p rwxa -k docker
#
# Alternate install location for runc.
-w /usr/sbin/runc -p rwxa -k docker
#
# Docker API socket.
# NOTE(review): -p filters match file-access syscall classes, so this watch
# should catch permission/ownership changes and replacement of the socket,
# but client connect(2) calls are probably not matched. Test before relying
# on this rule to attribute Docker API use.
-w /var/run/docker.sock -p rwxa -k docker