I am currently conducting a security audit of a Rancher platform including RancherOS and Rancher Server. An important component of this audit is logging. For example, failed login attempts. Has anyone in this community conducted a security audit of a Rancher platform and if so gained experience with the logging of security related events for Rancher platforms?
audit.log such as http://man7.org/linux/man-pages/man8/auditd.8.html? You can open an issue to track
Thanks! I’m not sure what you mean by “open an issue to track”. Open an issue with Rancher?
I have been struggling with logging. There are to many places you need to set logging. I am still unclear how I get logs for audit purposes. Someone created an account in the system and I can’t tell who it was. That is very concerning.
My understanding is that auditd is not installed by default on RancherOS.
Yes, auditd is not installed in RancherOS by default. We are considering whether to add this feature.You can open an issue so that we can update the progress to this issue