Auditctl Logging Actions In Containers

The following audit rule logs every execve system call on a Linux host. Because containers share the host kernel, it also captures executions inside containers running on that host.

-a always,exit -F arch=b64 -S execve -F key=execve
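
Each execution logged by this rule appears in the audit log as a SYSCALL record tagged key="execve" plus an EXECVE record with the arguments, both sharing one event serial. The following is an added example, not part of the original page, that joins the two and decodes hex-encoded arguments; the sample log lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in auditd log format (not taken from a real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:101): arch=c000003e syscall=59 success=yes exit=0 ppid=4242 pid=4250 auid=4294967295 uid=0 comm="sh" exe="/bin/dash" key="execve"
type=EXECVE msg=audit(1700000000.123:101): argc=3 a0="sh" a1="-c" a2=6563686F2068656C6C6F
type=SYSCALL msg=audit(1700000001.456:102): arch=c000003e syscall=257 success=yes exit=3 ppid=1 pid=900 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="files"
type=SYSCALL msg=audit(1700000002.789:103): arch=c000003e syscall=59 success=yes exit=0 ppid=4250 pid=4251 auid=4294967295 uid=0 comm="ls" exe="/usr/bin/ls" key="execve"
type=EXECVE msg=audit(1700000002.789:103): argc=2 a0="ls" a1="/etc"
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Plain strings are quoted; strings with spaces or control bytes are hex."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # e.g. (null)

def exec_events(log_text, key="execve"):
    """Join SYSCALL and EXECVE records by event serial; one dict per execution."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        events[int(serial)][rtype] = dict(FIELD.findall(body))
    out = []
    for serial in sorted(events):
        sc, ex = events[serial].get("SYSCALL"), events[serial].get("EXECVE")
        # Skip events from other rules and events missing either record.
        if not sc or not ex or decode(sc.get("key", "")) != key:
            continue
        argv = [decode(ex[f"a{i}"]) for i in range(int(ex["argc"])) if f"a{i}" in ex]
        out.append({"serial": serial, "pid": int(sc["pid"]), "ppid": int(sc["ppid"]),
                    "uid": int(sc["uid"]), "exe": decode(sc["exe"]), "argv": argv})
    return out

if __name__ == "__main__":
    for event in exec_events(SAMPLE_LOG):
        print(event)
```

The ppid of the second execution matches the pid of the first, which is how a process tree can be rebuilt from these records.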