Mithya
04/29/2020, 7:00 PM
auditctl -l shows me rules added by osquery but in the container, this doesn't work.)
The same set of flags doesn't work when I test it out inside a container.
These are the flags I am launching osqueryd with
--audit_allow_config=true
--audit_allow_sockets
--audit_persist=true
--disable_audit=false
The error that I am getting is
osquery_1 | I0429 19:00:06.721541 16 auditdnetlink.cpp:623] Failed to set the netlink owner
sundsta
04/29/2020, 7:29 PM
Mithya
04/29/2020, 7:32 PM
sundsta
04/29/2020, 7:41 PM