- If I execute the remediation in 1.1.8 of cis-1.3.1 which is auditing
containerd.sock ,the check 1.1.4 will also pass. Because the path of containerd.sock contains the /run/containerd
-w /run/containerd/containerd.sock -k docker
- As for check 1.1.4, if audit rule contains the directory
/run/containerd,It will PASS
auditctl -l | grep /run/containerd
- But in fact, I did not audit the directory
/run/containerd
containerd.sock,the check 1.1.4 will also pass. Because the path ofcontainerd.sockcontains the/run/containerd/run/containerd,It willPASSauditctl -l | grep /run/containerd/run/containerd