d9b4385673
- fix bsc#984942: audit.rules in docker-1.9.1-58.1.x86_64.rpm has a syntax error OBS-URL: https://build.opensuse.org/request/show/406826 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=115
28 lines
1.2 KiB
Plaintext
28 lines
1.2 KiB
Plaintext
##
|
|
# Audit rules based on CIS Docker 1.6 Benchmark v1.0.0
|
|
# https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf
|
|
# Not all of these apply to SUSE.
|
|
# 1.8 Audit docker daemon
|
|
-w /usr/bin/docker -k docker
|
|
# 1.9 Audit Docker files and directories
|
|
-w /var/lib/docker -k docker
|
|
# 1.10 Audit /etc/docker
|
|
-w /etc/docker -k docker
|
|
# 1.11 Audit Docker files and directories - docker-registry.service
|
|
-w /usr/lib/systemd/system/docker-registry.service -k docker
|
|
# 1.12 Audit Docker files and directories - docker.service
|
|
-w /usr/lib/systemd/system/docker.service -k docker
|
|
# 1.13 Audit Docker files and directories - /var/run/docker.sock
|
|
-w /var/run/docker.sock -k docker
|
|
# 1.14 Audit Docker files and directories - /etc/sysconfig/docker
|
|
-w /etc/sysconfig/docker -k docker
|
|
# 1.15 Audit Docker files and directories - /etc/sysconfig/docker-network
|
|
-w /etc/sysconfig/docker-network -k docker
|
|
# 1.16 Audit Docker files and directories - /etc/sysconfig/docker-registry
|
|
-w /etc/sysconfig/docker-registry -k docker
|
|
# 1.17 Audit Docker files and directories - /etc/sysconfig/docker-storage
|
|
-w /etc/sysconfig/docker-storage -k docker
|
|
# 1.18 Audit Docker files and directories - /etc/default/docker
|
|
-w /etc/default/docker -k docker
|
|
## end docker audit rules
|