I have a VPS provider that strictly disallows malicious activity like SSH brute-forcing, DDoS, and such.
I also have multiple users that use the single VPS machine, each allocated to one docker container.
The problem is I do not know if the users are doing anything malicious, other than by checking the CPU usage and running tcpdump.
Is there a program that listens on the network's outgoing traffic and makes sure the users aren't doing anything malicious?
Depending on what your notion of malicious activity is...
You can still install and run nethogs in the background of each docker, then periodically check the output files.
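One way to do the periodic check described in the answer above, as an added example that is not part of the original answer. It assumes each container's nethogs ran in trace mode (`nethogs -t`) with its output redirected to a file, and that records are tab-separated `program/pid/uid`, sent, received in KB/s after each `Refreshing:` marker; the thresholds, function names and sample log are constructed.

```python
from collections import defaultdict

# Constructed sample log. Assumed layout: "Refreshing:" starts each interval,
# then one "program/pid/uid<TAB>sent<TAB>received" record per process (KB/s).
SAMPLE_LOG = (
    "Adding local address: 172.17.0.2\n"
    "Refreshing:\n/usr/sbin/nginx/812/33\t12.5\t3.1\n/home/u2/worker/4410/1000\t950.0\t40.2\n"
    "Refreshing:\n/usr/sbin/nginx/812/33\t600.0\t9.0\n/home/u2/worker/4410/1000\t870.4\t38.0\n"
    "Refreshing:\nunknown TCP/0/0\t0\t0\n/home/u2/worker/4410/1000\t910.9\t41.7\n"
    "Refreshing:\n/usr/sbin/nginx/812/33\t11.0\t2.8\n/home/u2/worker/4410/1000\t20.0\t1.0\n"
)

def parse_trace(text):
    """Return a list of intervals; each is a list of (program, pid, uid, sent, recv)."""
    intervals, current = [], None
    for line in text.splitlines():
        if line.startswith("Refreshing:"):
            current = []
            intervals.append(current)
            continue
        fields = line.rstrip().split("\t")
        if current is None or len(fields) != 3:
            continue  # banner, blank or malformed line
        ident = fields[0].rsplit("/", 2)  # program paths contain slashes themselves
        if len(ident) != 3:
            continue
        try:
            sent, recv = float(fields[1]), float(fields[2])
        except ValueError:
            continue
        current.append((ident[0], ident[1], ident[2], sent, recv))
    return intervals

def sustained_senders(intervals, sent_kbps=500.0, min_intervals=3):
    """Map (program, pid, uid) -> longest run of consecutive intervals at or above sent_kbps."""
    streak, longest = defaultdict(int), defaultdict(int)
    for records in intervals:
        over = {(p, pid, uid) for p, pid, uid, sent, _ in records if sent >= sent_kbps}
        for key in list(streak):
            if key not in over:
                streak[key] = 0  # a quiet interval breaks the run
        for key in over:
            streak[key] += 1
            longest[key] = max(longest[key], streak[key])
    return {k: n for k, n in longest.items() if n >= min_intervals}

if __name__ == "__main__":
    for (prog, pid, uid), n in sustained_senders(parse_trace(SAMPLE_LOG)).items():
        print(f"uid={uid} pid={pid} {prog}: {n} consecutive intervals over threshold")
```

A single spike, like the one nginx interval above 500 KB/s in the sample, is ignored; only a process that stays over the threshold for the configured number of consecutive intervals is reported.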