From ee714b39f54aa448eaaafc91250291aeb8d74734 Mon Sep 17 00:00:00 2001
From: fred-vogt-dod <fvogt@doctorondemand.com>
Date: Tue, 16 May 2023 15:11:28 -0700
Subject: [PATCH] auditd logs fill too fast

---
 scripts/cis-docker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/cis-docker.sh b/scripts/cis-docker.sh
index 0dcbcee..07aabfe 100755
--- a/scripts/cis-docker.sh
+++ b/scripts/cis-docker.sh
@@ -33,7 +33,7 @@ echo "-w /usr/bin/dockerd -k docker" >> /etc/audit/rules.d/docker.rules
 echo "-w /usr/bin/docker -k docker" >> /etc/audit/rules.d/docker.rules
 
 echo "1.2.4 - 1.2.12 - ensure auditing is configured for Docker files and directories"
-echo "-w /var/lib/docker -k docker" >> /etc/audit/rules.d/docker.rules
+#echo "-w /var/lib/docker -k docker" >> /etc/audit/rules.d/docker.rules
 echo "-w /etc/docker -k docker" >> /etc/audit/rules.d/docker.rules
 echo "-w /etc/default/docker -k docker" >> /etc/audit/rules.d/docker.rules
 echo "-w /etc/sysconfig/docker -k docker" >> /etc/audit/rules.d/docker.rules