Monitoring the actions performed to my docker container

HI Team,

Is there any way to monitor the operations performed on my docker container?

So, i have a docker container with name web. Now i want to check if anyone performs docker exec , docker cp etc , i want to store out that result and get notified.

NOTE: Docker is installed in ubuntu server.

Don’t add users to the docker group so they need to use “sudo” in order to execute any docker command. Commands ran with sudo are logged and you can periodically check the log file and send a notification. On Ubuntu, the file is /var/log/auth.log

Of course make sure those users can’t sudo su and allow to run sudo docker only. Then optionally, you can also create a bash command alias (if you use the bash shell) so users don’t have to remember they need to run sudo docker not just docker.

sudo adduser docker-test
sudo groupadd docker-sudo
sudo usermod -aG docker-sudo docker-test
echo '%docker-sudo  ALL=(root)  NOPASSWD:/usr/bin/docker' > sudo tee /etc/sudoers.d/docker-sudo
echo "alias docker='sudo docker'" | sudo tee --append /etc/bash.bashrc
sudo su - docker-test

Then you can try the docker command as docker-test

docker info

Go back to your original user


And search for docker in the auth log

sudo grep 'COMMAND=/usr/bin/docker' /var/log/auth.log

You will see something like this:

Feb 17 20:42:58 n3 sudo: docker-test : TTY=pts/1 ; PWD=/home/docker-test ; USER=root ; COMMAND=/usr/bin/docker info

If you enabled remote access for example using a TCP socket, you would need to monitor the API calls.

Note that even if you log the shell commands, unless you run rootless Docker, users can get root access through docker commands and get a shell on the host that you can’t log. Or if you monitor the API calls, you can catch when someone runs docker exec, but if that someone just runs a shell like docker exec -it containername bash, you will see only the bash command, but nothing that the user rns in the shell interactively.

Don’t give Docker access to anyone you don’t trust.