Details
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-system_auditing.html
Solution
If the file exists, add a rule for it.For example,Add the line as below in /etc/audit/audit.rules file–w /usr/lib/systemd/system/docker.service -k dockerThen, restart the audit daemon. For example,service auditd restart
Impact-Auditing generates quite big log files. Ensure to rotate and archive them periodically. Also,
create a separate partition of audit to avoid filling root file system.Default Value-By default, Docker related files and directories are not audited. The file docker.service
may not be available on the system.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.