Investigating container security with auditd
Container Check
This Is the End
As you can tell, I have barely scratched the surface of the venerable auditd package. You can switch on user and group changes (e.g., the creation of new users or their group membership), and you can catch filesystem access from a particular application, yet ignore other events entirely.
With some forethought, a pinch of trial and error, and a teaspoon of patience, you can help clear up the immediate confusion over how an attacker breached a system, should such an incident ever occur. If you have set up the package correctly and monitored the affected system events, then auditd will be a true lifesaver in such a scenario: I expect my containers to benefit dramatically as a result.
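When such an incident does occur, the first job is pulling the relevant events back out of the raw audit log. The following added example (not code from the original article) groups records by audit serial number and lists the events tagged with a given rule key; the keys `identity` and `docker-fs` and all sample records are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records in auditd's raw log format (not from a real host).
# The keys "identity" and "docker-fs" are hypothetical names set with -k in rules.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1500000000.101:201): arch=c000003e syscall=257 success=yes exit=3 pid=4100 auid=1000 uid=0 comm="useradd" exe="/usr/sbin/useradd" key="identity"
type=PATH msg=audit(1500000000.101:201): item=0 name="/etc/passwd" nametype=NORMAL
type=SYSCALL msg=audit(1500000003.440:202): arch=c000003e syscall=257 success=yes exit=5 pid=4177 auid=4294967295 uid=0 comm="dockerd" exe="/usr/bin/dockerd" key="docker-fs"
type=PATH msg=audit(1500000003.440:202): item=0 name="/var/lib/docker/containers/abc/config.v2.json" nametype=NORMAL
type=SYSCALL msg=audit(1500000009.002:203): arch=c000003e syscall=59 success=yes exit=0 pid=4200 auid=1000 uid=1000 comm="ls" exe="/usr/bin/ls" key=(null)
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group raw records into events keyed by audit serial number."""
    events = defaultdict(lambda: {"paths": []})
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip blank or truncated lines
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[int(serial)]
        if rtype == "SYSCALL":
            # The SYSCALL record carries who/what acted and the rule key.
            ev.update(time=float(ts), exe=fields.get("exe"),
                      auid=fields.get("auid"), key=fields.get("key"))
        elif rtype == "PATH":
            # PATH records carry the files touched by that same event.
            ev["paths"].append(fields.get("name"))
    return dict(events)

def events_for_key(text, key):
    """Return (serial, exe, auid, paths) for events tagged with a rule key."""
    return [(s, e["exe"], e["auid"], e["paths"])
            for s, e in sorted(parse_events(text).items())
            if e.get("key") == key]

if __name__ == "__main__":
    for row in events_for_key(SAMPLE_LOG, "identity"):
        print(row)
```

An `auid` of 4294967295 means the login UID is unset, which is typical for daemons such as the one in the second constructed event.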