配置Docker文件和目录的规则
写个脚本
vim /tmp/repair.sh  # create the repair script shown below at this path
#!/bin/bash
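#######################################
# Add auditd watch rules (key "docker") for the Docker binaries, data
# directory, config and systemd units, then load them into the kernel.
# Globals:   none
# Arguments: none
# Outputs:   diagnostics to stderr; auditd status and the loaded rules
#            matching "docker" to stdout
# Returns:   0 on success, 1 if the rules file is missing or the backup or
#            rule load fails
#######################################
docker_audit() {
  local rules_file=/etc/audit/rules.d/audit.rules
  local stamp
  stamp=$(date +%Y%m%d)

  # Fail early instead of appending to a file that does not exist.
  if [ ! -f "$rules_file" ]; then
    printf 'docker_audit: %s not found, is the audit package installed?\n' "$rules_file" >&2
    return 1
  fi
  cp -p -- "$rules_file" "${rules_file}.bak.${stamp}" || return 1

  # Re-running the script must not append the same watches twice; duplicate
  # rules make the rule load report errors.
  # NOTE(review): docker_execstart edits /etc/systemd/system/docker.service
  # while the watch below is on /usr/lib/systemd/system/docker.service; confirm
  # which unit file is active (systemctl show -p FragmentPath docker.service).
  if ! grep -q -- '-k docker' "$rules_file"; then
    cat >> "$rules_file" <<'EOF'
-w /usr/bin/dockerd -k docker
-w /var/lib/docker -k docker
-w /etc/docker -k docker
-w /usr/lib/systemd/system/docker.service -k docker
-w /usr/lib/systemd/system/docker.socket -k docker
-w /etc/docker/daemon.json -k docker
-w /usr/bin/containerd -k docker
-w /usr/sbin/runc -k docker
EOF
  fi

  # Files in rules.d are only read when the rules are (re)loaded: a plain
  # "systemctl start" of an already running auditd changes nothing, and
  # "systemctl daemon-reload" is a systemd operation that never touches audit
  # rules. Load explicitly; fall back to the legacy init action where
  # augenrules is not available.
  # NOTE(review): if the running audit configuration is immutable (-e 2), the
  # new watches only take effect after a reboot.
  systemctl start auditd.service
  if command -v augenrules >/dev/null 2>&1; then
    augenrules --load || return 1
  else
    service auditd restart || return 1
  fi
  systemctl status auditd.service --no-pager

  # Verify what the kernel actually loaded, not just what is on disk.
  auditctl -l | grep -- docker
}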
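#######################################
# Harden the Docker daemon: append default ulimits to the unit's ExecStart=
# line, switch the daemon.json log level from "warn" to "info", then restart
# docker and show the result.
# Globals:   none
# Arguments: none
# Outputs:   diagnostics to stderr; unit status and the running dockerd
#            command line to stdout
# Returns:   0 on success, 1 if a file to edit is missing or a backup or
#            the docker restart fails
#######################################
docker_execstart() {
  local filename=/etc/systemd/system/docker.service
  local configfile=/etc/docker/daemon.json
  local key=ExecStart
  local string=" --default-ulimit nproc=1024:2408 --default-ulimit nofile=10240:20480"
  local stamp f
  stamp=$(date +%Y%m%d)

  # Without these checks a missing file made sed fail silently and docker
  # was restarted unchanged.
  # NOTE(review): docker_audit watches /usr/lib/systemd/system/docker.service;
  # confirm which unit file is active (systemctl show -p FragmentPath
  # docker.service) before relying on this edit.
  for f in "$filename" "$configfile"; do
    if [ ! -f "$f" ]; then
      printf 'docker_execstart: %s not found\n' "$f" >&2
      return 1
    fi
  done
  cp -p -- "$filename" "/tmp/docker.service.bak.${stamp}" || return 1
  cp -p -- "$configfile" "/tmp/docker.daemon.json.bak.${stamp}" || return 1

  # Anchor on "ExecStart=" so ExecStartPre=/ExecStartPost= lines are not
  # modified, and append the flags only once so re-runs do not duplicate them.
  if ! grep -q -- '--default-ulimit' "$filename"; then
    sed -i "/^$key=/s/$/$string/" "$filename"
  fi

  # Restrict the replacement to the log-level key: a bare s/warn/info/g
  # rewrites every "warn" in daemon.json, including unrelated values.
  sed -i 's/\("log-level"[[:space:]]*:[[:space:]]*\)"warn"/\1"info"/' "$configfile"

  systemctl daemon-reload
  systemctl restart docker.service || return 1
  systemctl status docker.service --no-pager

  # Show the running daemon's command line so the new flags are visible.
  pgrep -af dockerd
}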
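# Both functions edit files under /etc and restart system services, so refuse
# to run unprivileged instead of failing half-way through.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi
docker_audit
docker_execstart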
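# Convert the file from Windows (CRLF) to Unix (LF) line endings before running
# it; a trailing CR would, for example, stop the heredoc terminator "EOF" from
# matching.
yum install -y dos2unix
# Use the same absolute path the file was written to instead of relying on the
# current directory.
dos2unix /tmp/repair.sh
# Run with bash rather than sh: the script uses the bash-only "function"
# syntax, and "sh script" ignores the #!/bin/bash shebang.
bash /tmp/repair.sh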
检查一下
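# Rules present on disk AND actually loaded in the kernel.
grep -- docker /etc/audit/rules.d/audit.rules
auditctl -l | grep -- docker
# The running dockerd should carry the new --default-ulimit flags.
pgrep -af dockerd
# Check the actual log-level value rather than any line containing "info".
grep -- '"log-level"' /etc/docker/daemon.json
# Pods not in Running state after the docker restart (the header line is kept).
kubectl get po -A | grep -i -v running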