I am currently conducting a security audit of a Rancher platform, including RancherOS and Rancher Server. An important component of this audit is logging, for example, of failed login attempts. Has anyone in this community conducted a security audit of a Rancher platform and, if so, gained experience with the logging of security-related events for Rancher platforms?
audit.log such as http://man7.org/linux/man-pages/man8/auditd.8.html? You can open an issue to track
Thanks! I’m not sure what you mean by “open an issue to track”. Open an issue with Rancher?
I have been struggling with logging. There are too many places you need to set logging. I am still unclear how I get logs for audit purposes. Someone created an account in the system and I can’t tell who it was. That is very concerning.
My understanding is that auditd is not installed by default on RancherOS.
Yes, auditd is not installed in RancherOS by default. We are considering whether to add this feature. You can open an issue so that we can update the progress on this issue.
I think it would be wise to consider adding auditd as a default. A primary reason is that it is considered a standard for security controls. The Rancher architecture is a bit unique and the data that would land in the auditd log would need to be reviewed, but this can be a big obstacle in security certification of the RancherOS. Folks do not want to get into the logistics of opening issues to get this installed as it just causes a lot of extra red tape.
Does that make sense?