[lxc-users] Syscall auditing via auditd for lxc-guests

Fiedler Roman Roman.Fiedler at ait.ac.at
Tue Mar 10 13:09:35 UTC 2015


Hello List,

It seems that auditd cannot be started in the guest:

# augenrules --load 
The audit system is disabled

The host system seems to miss the audit events from the guest, so no host
audit either.

Is there a way to audit guest syscalls, e.g. execve? There is no need to
have the guest doing that, it could also be on the host for the guest. In
fact I would even appreciate the latter solution where the host audits the
guest without any means by the guest to escape the audit.

Could some namespace trickery make it work?

Kind Regards,
Roman


DI Roman Fiedler
Scientist
Digital Safety & Security Department
Assistive Healthcare Information Technology

AIT Austrian Institute of Technology GmbH
Reininghausstraße 13/1 | 8020 Graz | Austria
T +43(0) 50550 2957 | M +43(0) 664 8561599 | F +43(0) 50550 2950
roman.fiedler at ait.ac.at | http://www.ait.ac.at/

FN: 115980 i HG Wien  |  UID: ATU14703506
http://www.ait.ac.at/Email-Disclaimer

