From 1ab8786f9bea497295cb4a361741b05b299b7cb7 Mon Sep 17 00:00:00 2001
From: fred-vogt-dod <fvogt@doctorondemand.com>
Date: Tue, 22 Nov 2022 16:14:35 -0800
Subject: [PATCH] auditd logs fill too fast

---
 scripts/cis-docker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/cis-docker.sh b/scripts/cis-docker.sh
index f823e3d..40a2381 100755
--- a/scripts/cis-docker.sh
+++ b/scripts/cis-docker.sh
@@ -33,7 +33,7 @@ echo "-w /usr/bin/dockerd -k docker" >> /etc/audit/rules.d/docker.rules
 echo "-w /usr/bin/docker -k docker" >> /etc/audit/rules.d/docker.rules
 
 echo "1.2.4 - 1.2.12 - ensure auditing is configured for Docker files and directories"
-echo "-w /var/lib/docker -k docker" >> /etc/audit/rules.d/docker.rules
+# echo "-w /var/lib/docker -k docker" >> /etc/audit/rules.d/docker.rules
 echo "-w /etc/docker -k docker" >> /etc/audit/rules.d/docker.rules
 echo "-w /etc/default/docker -k docker" >> /etc/audit/rules.d/docker.rules
 echo "-w /etc/sysconfig/docker -k docker" >> /etc/audit/rules.d/docker.rules