Workload misconfigurations

Ensure auditing is configured for Docker files and directories – /run/containerd (Automated)

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

Audit /run/containerd.
  • Recommended Mitigation

    You should add a rule for the /run/containerd directory. For example, Add the line as below to the /etc/audit/audit.rules file: -a exit,always -F path=/run/containerd -F perm=war -k docker. Then, restart the audit daemon using the following command: systemctl restart auditd