RancherOS Security Logging

#1

I am currently conducting a security audit of a Rancher platform including RancherOS and Rancher Server. An important component of this audit is logging, for example, failed login attempts. Has anyone in this community conducted a security audit of a Rancher platform and, if so, gained experience with the logging of security-related events for Rancher platforms?

1 Like
#2

audit.log such as http://man7.org/linux/man-pages/man8/auditd.8.html? You can open an issue to track.

#3

Thanks! I’m not sure what you mean by “open an issue to track”. Open an issue with Rancher?

#4

I have been struggling with logging. There are too many places you need to set logging. I am still unclear how I get logs for audit purposes. Someone created an account in the system and I can’t tell who it was. That is very concerning.

#5

RancherOS, not Rancher 🙂. https://github.com/rancher/os/issues

#6

My understanding is that auditd is not installed by default on RancherOS.

#7

Yes, auditd is not installed in RancherOS by default. We are considering whether to add this feature. You can open an issue so that we can update the progress on this issue.

1 Like
#8

I think it would be wise to consider adding auditd as a default. A primary reason is that it is considered a standard for security controls. The Rancher architecture is a bit unique and the data that would land in the auditd log would need to be reviewed, but this can be a big obstacle in security certification of the RancherOS. Folks do not want to get into the logistics of opening issues to get this installed as it just causes a lot of extra red tape.

Does that make sense?

1 Like