Information
Audit all Docker daemon activities.

Apart from auditing your regular Linux file system and system calls, audit Docker daemon as well. Docker daemon runs with 'root' privileges. It is thus necessary to audit its activities and usage.
Solution
Add a rule for Docker daemon.

For example, add the line below to the /etc/audit/audit.rules file:

    -w /usr/bin/docker -k docker

Then, restart the audit daemon. For example:

    service auditd restart

Impact
Auditing generates quite big log files. Be sure to rotate and archive them periodically. Also, create a separate partition for audit logs to avoid filling the root file system.

Default Value
By default, Docker daemon is not audited.
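
An added example (not part of the original benchmark text) that checks a rules file for an active watch on /usr/bin/docker and appends the rule from the Solution only when it is missing. The function names and the sample rules file are constructed for illustration; restarting auditd afterwards remains a separate step.

```shell
#!/bin/sh
# Added example: idempotent check-and-add for the watch rule given on this page.
# Function names are hypothetical; the rules file path is supplied by the caller.
RULE='-w /usr/bin/docker -k docker'

# Return 0 if FILE has an active (uncommented) watch on /usr/bin/docker,
# regardless of which key (-k) or permission filter (-p) the rule uses.
has_docker_watch() {
    [ -r "$1" ] || return 1
    awk '
        /^[[:space:]]*#/ { next }                 # skip commented-out rules
        { for (i = 1; i < NF; i++)
              if ($i == "-w" && $(i + 1) == "/usr/bin/docker") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Append RULE to FILE only when no active watch exists.
# Prints "present" or "added" so callers know whether auditd needs a restart.
ensure_docker_watch() {
    if has_docker_watch "$1"; then
        echo present
        return 0
    fi
    # Guard against a file that lacks a trailing newline, which would
    # otherwise glue the new rule onto the last existing rule.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        echo >> "$1"
    fi
    printf '%s\n' "$RULE" >> "$1"
    echo added
}

# Demo on a constructed rules file (not a real /etc/audit/audit.rules).
demo_file=$(mktemp)
printf '%s\n' \
    '# constructed sample rules' \
    '-w /etc/passwd -p wa -k identity' \
    '#-w /usr/bin/docker -k docker' > "$demo_file"
ensure_docker_watch "$demo_file"   # commented-out rule does not count
ensure_docker_watch "$demo_file"   # second run leaves the file unchanged
rm -f "$demo_file"
```

On a real host, call ensure_docker_watch with /etc/audit/audit.rules as root and restart the audit daemon only when it reports "added".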