Details
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-system_auditing.html
Solution
Add a rule for Docker daemon.For example,Add the line as below line in /etc/audit/audit.rules file–w /usr/bin/docker -k dockerThen, restart the audit daemon. For example,service auditd restartImpact-Auditing generates quite big log files. Ensure to rotate and archive them periodically. Also,
create a separate partition of audit to avoid filling root file system.
Default Value-By default, Docker daemon is not audited.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.