Container for building/running auditd using docker-compose
Audit Read
Audit Control
The pid = host option is required for local logging within a container
It is recommended that audit.rules and auditd.conf be bind-mounted read-only, so that options can be tweaked after the image is built and the files are not affected by changes made inside the container
From the directory containing docker-compose.yml, run:
sudo docker-compose up --build
sudo docker-compose up
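A compose service definition that combines the settings described above, as an added example that is not this project's own docker-compose.yml. The service name, build context and in-container paths are assumptions, and "Audit Read" / "Audit Control" are read here as the Linux capabilities CAP_AUDIT_READ and CAP_AUDIT_CONTROL.

```yaml
# Added example: illustrative docker-compose.yml, not the project's own file.
services:
  auditd:                 # assumed service name
    build: .              # assumes the Dockerfile sits beside this file
    # Share the host PID namespace; the page states this is required
    # for local logging within a container.
    pid: host
    # Grant only the audit capabilities instead of running privileged.
    # Docker takes capability names without the CAP_ prefix.
    cap_add:
      - AUDIT_CONTROL     # load rules and change audit configuration
      - AUDIT_READ        # read audit records
    volumes:
      # Read-only bind mounts: edit the files on the host and restart the
      # container; nothing inside the container can modify them.
      # The in-container paths are assumptions based on the usual auditd layout.
      - ./audit.rules:/etc/audit/rules.d/audit.rules:ro
      - ./auditd.conf:/etc/audit/auditd.conf:ro
```

A bind mount keeps the host file's ownership and mode, and auditd rejects an auditd.conf that is not owned by root or is world-writable, so set those on the host copies.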