Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Netcat doesn't exist in cluster but part of documentation for alerting #433

Closed
xamox opened this issue Oct 5, 2018 · 2 comments · Fixed by #456
Closed

Netcat doesn't exist in cluster but part of documentation for alerting #433

xamox opened this issue Oct 5, 2018 · 2 comments · Fixed by #456

Comments

@xamox
Copy link

xamox commented Oct 5, 2018
edited
Loading

Outlined in the docs:
https://github.com/falcosecurity/falco/wiki/Falco-Alerts#program-output-sending-alerts-to-network-channel

It's using nc (netcat) as part of the alerting mechanism.

But using latest image:

> sudo docker images                                                                                                                                                         Fri 05 Oct 2018 11:11:32 AM EDT
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sysdig/falco        latest              2608233e59ea        3 weeks ago         685MB

You can see it is not installed here:

> sudo docker run -it --entrypoint=/bin/sh sysdig/falco -c nc                                                                                                         5.7s  Fri 05 Oct 2018 11:09:33 AM EDT
/bin/sh: 1: nc: not found

Curl appears to exist though

> sudo docker run -it --entrypoint=/bin/sh sysdig/falco -c curl                                                                                                     1092ms  Fri 05 Oct 2018 11:09:58 AM EDT
curl: try 'curl --help' or 'curl --manual' for more information

And from within that container (image):

# find / -type f -name 'nc' 
/usr/share/bash-completion/completions/nc
mstemm added a commit that referenced this issue Nov 5, 2018
@mstemm
Add netcat to docker images
2668a53 
It may be useful as a way to enable generic event forwarding.

This fixes #433.
@mstemm mstemm mentioned this issue Nov 5, 2018
Merged
@mstemm
Copy link
Contributor

mstemm commented Nov 5, 2018

When we originally wrote those examples, we were using falco installed directly on the host instead of in a container. But you bring up a good point that it might be useful to have netcat in the falco container as well, so it would be possible to handle generic event forwarding. Addressed in #456.

mstemm added a commit that referenced this issue Nov 6, 2018
@mstemm
Add netcat to docker images (#456)
53c7e10 
It may be useful as a way to enable generic event forwarding.

This fixes #433.
@xamox
Copy link
Author

xamox commented Nov 6, 2018

Great, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add netcat to docker images falcosecurity/falco
2 participants
@xamox @mstemm