Skip to content

Commit

Permalink
fixes tracee
Browse files Browse the repository at this point in the history
  • Loading branch information
Patrick committed Aug 6, 2022
1 parent c5ebb17 commit 1015872
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 11 deletions.
4 changes: 0 additions & 4 deletions install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,10 +103,6 @@ do
/usr/bin/docker pull aquasec/tracee;
fi
fi
# Move, set & activate tracee
mkdir -p /opt/detector/rulesets/tracee
cp ./rulesets/tracee/tracee.sh /opt/detector/rulesets/tracee/tracee.sh
bash /opt/detector/rulesets/tracee/tracee.sh
;;
6)
# Honeypot Autodropper POC
Expand Down
16 changes: 9 additions & 7 deletions rulesets/tracee/tracee.sh → rulesets/central/tracee.sh
100755 → 100644
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
#!/bin/bash

#Currently deactivated for testing
# Check if Tracee exists
tracee_present=$( /usr/bin/docker images -q tracee )

#Only run if Tracee isn't running
if [[ -n "$tracee_present" ]]; then
docker run --name tracee --rm --pid=host --cgroupns=host --privileged -v /etc/os-release:/etc/os-release-host:ro -e LIBBPFGO_OSRELEASE_FILE=/etc/os-release-host aquasec/tracee:latest --rules TRC-2 --rules TRC-6 --rules TRC-7 --rules TRC-15 | ts '[%Y-%m-%d %H:%M:%S] module=Tracee output=' >> /var/log/detector.log &

fi

# tracee-updater
# tracee_present=$( /usr/bin/docker images -q tracee )
# if [[ -n "$tracee_present" ]]; then
# /usr/bin/docker pull aquasec/tracee;
# /usr/bin/docker restart tracee;
# fi
# if [[ -n "$tracee_present" ]]; then
# /usr/bin/docker pull aquasec/tracee;
# /usr/bin/docker restart tracee;
# fi

0 comments on commit 1015872

Please sign in to comment.