<div dir="ltr">Hello, <div><br></div><div>I am trying to see if it is possible to run auditd inside of a openvz container. I was able to get it up and running the hardware node, but there are only a couple of instances that I would like to run audits on so running it on the hardware node is a good option for me. </div>
<div><br></div><div>I'm also open to a different auditing package that would work inside of a container. The main goal is to track all root commands, secondary would be to look for changes to /etc/*. </div><div><br>
</div><div>Thanks,<br></div><div>Keith. </div><div><br></div><div>DETAILS: </div><div>-----------------------</div><div>Host Node: </div><div><div>lsbdistdescription => Debian GNU/Linux 7.4 (wheezy)<br></div><div>... </div>
<div>ii linux-image-2.6.32-openvz-amd64 042stab084.26 amd64 ... <br></div><div>ii linux-image-openvz-amd64 042+1 amd64 OpenVZ Linux kernel (meta-package)</div>
<div>ii vzctl 4.6-1 amd64 server virtualization solution - control tools</div><div>ii vzdump 1.2.6-3 all OpenVZ backup scripts</div>
<div>ii vzquota 3.1-2 amd64 server virtualization solution - quota tools</div></div><div><br></div><div>Container: </div><div>Debian GNU/Linux 7.4 (wheezy)<br></div>
</div>