Workload misconfigurations

Ensure auditing is configured for Docker files and directories – containerd.sock (Automated)

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

Audit containerd.sock, if applicable.
  • Recommended Mitigation

    If the file exists, you should add a rule for it. Add the line to the /etc/audit/audit.rules file: -w /run/containerd/containerd.sock -k docker. Then restart the audit daemon: systemctl restart auditd