Uploaded image for project: 'Cloud Infrastructure Security & Compliance'
  1. Cloud Infrastructure Security & Compliance
  2. CMP-976

[AU-2]: Check if we can (and need) gather audit logs from the container runtime

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • 1
    • False
    • False
    • OCPPLAN-6104 - FedRAMP moderate controls
    • Undefined
    • CMP Sprint 33

      AU-2 asks for several audit records to be gathered, including "process tracking". While auditd on the Linux hosts audits all the process, we might need to know what process correlates to which workload

      Acceptance criteria

      • find out if just auditing processes is good enough or if we need to link the process to a workload. Linking the process to a workload can be done with crictl or information in /proc, but it's very user-unfriendly
      • find out if crio provides this information for us in some log (ask Sasha)

              jhrozek@redhat.com Jakub Hrozek (Inactive)
              jhrozek@redhat.com Jakub Hrozek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: