Rsyslog-relp: Support Garden and Seed extensions #32

@plkokanov

How to categorize this topic?

/area security
/kind enhancement

/label teamsize/small

What is the topic about?:
gardener/gardener-extension-shoot-rsyslog-relp#255

For shoots, the extension currently mutates OperatingSystemConfigs and injects shell scripts that are used to start and configure the rsyslog and auditd daemons running on each node.

For unmanaged Seeds and the Gardener runtime cluster we cannot rely on the same approach. However, a similar effect could be achieved by deploying a DaemonSet that configures the auditd daemon on nodes and another DaemonSet that runs rsyslog-relp such that it mounts and reads audit logs from the /var/log/audit folder on the node. One potential drawback is that for shoots, rsyslog-relp directly reads logs from the journald syslog socket, which might not be possible when it is run in a DaemonSet.

Note that configuring auditd is not possible on nodes running in kind on Mac, so working on this task requires a setup with provider-extensions.

Labels: area/security, kind/enhancement, lifecycle/frozen, teamsize/small
