SolutionAdd a rule for /etc/sysconfig/docker file.
For example,Add the line as below in /etc/audit/audit.rules file
--w /etc/sysconfig/docker -k docker
Then, restart the audit daemon. For example,
#> service auditd restart
Impact-Auditing generates quite big log files. Ensure to rotate and archive them periodically. Also,
create a separate partition of audit to avoid filling root file system.
Default Value-By default, Docker related files and directories are not audited. The file
/etc/sysconfig/docker may not be available on the system. In that case, this
recommendation is not applicable.