Investigating container security with auditd
Container Check
This Is the End
As you can tell, I have barely scratched the surface of the venerable auditd package. You can switch on auditing of user and group changes (e.g., the creation of new users or changes to their group membership), and you can catch filesystem access from a particular application, yet ignore other events entirely.
With some forethought, a pinch of trial and error, and a teaspoon of patience, you can help reduce the immediate confusion about how an attacker breached a system, should such an incident ever occur. If you have set up the package correctly and monitored the affected system events, then auditd will be a true lifesaver in such a scenario: I expect my containers to benefit dramatically as a result.
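The capabilities named above (user and group changes, filesystem access by one application, ignoring other events) can be written as a short rules file. This is an added example, not rules from the article; the file name, the /usr/bin/dockerd path, the /etc/docker directory, and the key names are assumptions to adapt to your host.

```conf
# /etc/audit/rules.d/50-container-host.rules (file name is an assumption)

# User and group changes: record writes and attribute changes
# to the account databases under one search key.
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/group -p wa -k identity
-w /etc/gshadow -p wa -k identity

# Filesystem access from one application only: record writes and
# attribute changes under /etc/docker, but only when the calling
# executable is dockerd (binary path and directory are assumptions).
-a always,exit -F arch=b64 -F dir=/etc/docker -F perm=wa -F exe=/usr/bin/dockerd -k dockerd-config

# Ignore events you do not need: drop the CWD companion records
# (an example choice; pick the record types that are noise for you).
-a always,exclude -F msgtype=CWD
```

Load the file with augenrules --load and retrieve matching events by key, for example with ausearch -k identity.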