RancherOS Security Logging


#1

I am currently conducting a security audit of a Rancher platform including RancherOS and Rancher Server. An important component of this audit is logging. For example, failed login attempts. Has anyone in this community conducted a security audit of a Rancher platform and if so gained experience with the logging of security related events for Rancher platforms?


#2

audit.log such as http://man7.org/linux/man-pages/man8/auditd.8.html? You can open an issue to track


#3

Thanks! I’m not sure what you mean by “open an issue to track”. Open an issue with Rancher?


#4

I have been struggling with logging. There are to many places you need to set logging. I am still unclear how I get logs for audit purposes. Someone created an account in the system and I can’t tell who it was. That is very concerning.


#5

RancherOS not Rancher :slight_smile: . https://github.com/rancher/os/issues


#6

My understanding is that auditd is not installed by default on RancherOS.


#7

Yes, auditd is not installed in RancherOS by default. We are considering whether to add this feature.You can open an issue so that we can update the progress to this issue