-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker listener is unable to connect to docker daemon #20372
Comments
UpdateThe issue was caused by an incompatibility between The Another option is to install I opened a pull request to force installing Related issue: docker/docker-py#3113 ManagerOSroot@be499c120b52:/# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
UBUNTU_CODENAME=jammy
root@be499c120b52:/# docker --version
Docker version 24.0.7, build afdd53b
root@be499c120b52:/# python3 --version
Python 3.10.12 ConfigurationEnabled <ossec_config>
<global>
...
<logall>yes</logall>
<logall_json>yes</logall_json>
...
</global>
<wodle name="docker-listener">
<interval>1m</interval>
<attempts>5</attempts>
<run_on_start>yes</run_on_start>
<disabled>no</disabled>
</wodle>
...
</ossec_config> ossec.logroot@be499c120b52:/# cat /var/ossec/logs/ossec.log | grep docker
2023/12/01 14:58:56 wazuh-modulesd:docker-listener: INFO: Module docker-listener started.
2023/12/01 14:58:56 wazuh-modulesd:docker-listener: INFO: Starting to listening Docker events. docker commandsroot@be499c120b52:/# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
1f7ce2fa46ab: Pull complete
9b16c94bb686: Pull complete
9a59d19f9c5b: Pull complete
9ea27b074f71: Pull complete
c6edf33e2524: Pull complete
84b1ff10387b: Pull complete
517357831967: Pull complete
Digest: sha256:10d1f5b58f74683ad34eb29287e07dab1e90f10af243f151bb50aa5dbb4d62ee
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
root@be499c120b52:/# docker run -d -P --name nginx_container nginx
26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560
root@be499c120b52:/# docker exec -it nginx_container cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
nginx:x:101:101:nginx user:/nonexistent:/bin/false
root@be499c120b52:/# docker exec -it nginx_container /bin/bash
root@26d33a28c653:/# exit
exit archives.log2023 Dec 01 14:59:05 be499c120b52->wazuh-monitord ossec: Manager started.
2023 Dec 01 14:59:09 be499c120b52->rootcheck Ending rootcheck scan.
2023 Dec 01 15:03:48 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"status": "pull", "id": "nginx:latest", "Type": "image", "Action": "pull", "Actor": {"ID": "nginx:latest", "Attributes": {"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx"}}, "scope": "local", "time": 1701443028, "timeNano": 1701443028588266402}}
2023 Dec 01 15:04:51 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"status": "create", "id": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "from": "nginx", "Type": "container", "Action": "create", "Actor": {"ID": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "Attributes": {"image": "nginx", "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx_container"}}, "scope": "local", "time": 1701443091, "timeNano": 1701443091184612150}}
2023 Dec 01 15:04:51 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"Type": "network", "Action": "connect", "Actor": {"ID": "226b2e6255690299858b2d634824c0ce6d7a0a3f4d87f30e9da6b6ecc54e999a", "Attributes": {"container": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "name": "bridge", "type": "bridge"}}, "scope": "local", "time": 1701443091, "timeNano": 1701443091219464151}}
2023 Dec 01 15:04:51 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"status": "start", "id": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "from": "nginx", "Type": "container", "Action": "start", "Actor": {"ID": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "Attributes": {"image": "nginx", "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx_container"}}, "scope": "local", "time": 1701443091, "timeNano": 1701443091380856246}}
2023 Dec 01 15:04:57 be499c120b52->df -P ossec: output: 'df -P': overlay 121183936 92824268 22157712 81% /
2023 Dec 01 15:04:57 be499c120b52->df -P ossec: output: 'df -P': shm 65536 80 65456 1% /dev/shm
2023 Dec 01 15:04:57 be499c120b52->df -P ossec: output: 'df -P': tmpfs 65536 0 65536 0% /dev
2023 Dec 01 15:04:57 be499c120b52->df -P ossec: output: 'df -P': Filesystem 1024-blocks Used Available Capacity Mounted on
2023 Dec 01 15:04:57 be499c120b52->df -P ossec: output: 'df -P': overlay 121183936 92824268 22157712 81% /var/lib/docker/overlay2/ccc3cfb47c8f8ce7c3ee1451467793e0670a2e33b73f55f31a568f4ff8bf1f0f/merged
2023 Dec 01 15:04:57 be499c120b52->df -P ossec: output: 'df -P': /dev/mapper/data-root 121183936 92824268 22157712 81% /etc/hosts
2023 Dec 01 15:04:57 be499c120b52->last -n 20 ossec: output: 'last -n 20':
wtmp begins Thu Nov 30 14:24:04 2023
2023 Dec 01 15:04:59 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"status": "exec_create: cat /etc/passwd", "id": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "from": "nginx", "Type": "container", "Action": "exec_create: cat /etc/passwd", "Actor": {"ID": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "Attributes": {"execID": "f696b3418de1a97948184f81afe07d2a3cb34dabdb5fe1aecd3973444a05c121", "image": "nginx", "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx_container"}}, "scope": "local", "time": 1701443099, "timeNano": 1701443099998974295}}
2023 Dec 01 15:04:59 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"status": "exec_start: cat /etc/passwd", "id": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "from": "nginx", "Type": "container", "Action": "exec_start: cat /etc/passwd", "Actor": {"ID": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "Attributes": {"execID": "f696b3418de1a97948184f81afe07d2a3cb34dabdb5fe1aecd3973444a05c121", "image": "nginx", "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx_container"}}, "scope": "local", "time": 1701443099, "timeNano": 1701443099999324098}}
2023 Dec 01 15:05:00 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"status": "exec_die", "id": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "from": "nginx", "Type": "container", "Action": "exec_die", "Actor": {"ID": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "Attributes": {"execID": "f696b3418de1a97948184f81afe07d2a3cb34dabdb5fe1aecd3973444a05c121", "exitCode": "0", "image": "nginx", "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx_container"}}, "scope": "local", "time": 1701443100, "timeNano": 1701443100085532742}}
2023 Dec 01 15:05:09 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"status": "exec_create: /bin/bash ", "id": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "from": "nginx", "Type": "container", "Action": "exec_create: /bin/bash ", "Actor": {"ID": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "Attributes": {"execID": "ac26194c17e472fd4923248bf5bee6db69d22162986e2f8aef7b2d51138f0f0b", "image": "nginx", "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx_container"}}, "scope": "local", "time": 1701443109, "timeNano": 1701443109148978938}}
2023 Dec 01 15:05:09 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"status": "exec_start: /bin/bash ", "id": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "from": "nginx", "Type": "container", "Action": "exec_start: /bin/bash ", "Actor": {"ID": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "Attributes": {"execID": "ac26194c17e472fd4923248bf5bee6db69d22162986e2f8aef7b2d51138f0f0b", "image": "nginx", "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx_container"}}, "scope": "local", "time": 1701443109, "timeNano": 1701443109149257941}}
2023 Dec 01 15:05:13 be499c120b52->Wazuh-Docker {"integration": "docker", "docker": {"status": "exec_die", "id": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "from": "nginx", "Type": "container", "Action": "exec_die", "Actor": {"ID": "26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560", "Attributes": {"execID": "ac26194c17e472fd4923248bf5bee6db69d22162986e2f8aef7b2d51138f0f0b", "exitCode": "0", "image": "nginx", "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx_container"}}, "scope": "local", "time": 1701443113, "timeNano": 1701443113829975076}} archives.jsonroot@be499c120b52:/# cat /var/ossec/logs/archives/archives.json
{"timestamp":"2023-12-01T14:58:54.251+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442734.0","full_log":"Starting rootcheck scan.","decoder":{"name":"rootcheck"},"data":{"title":"Starting rootcheck scan."},"location":"rootcheck"}
{"timestamp":"2023-12-01T14:58:54.293+0000","rule":{"level":7,"description":"Host-based anomaly detection event (rootcheck).","id":"510","firedtimes":1,"mail":false,"groups":["ossec","rootcheck"],"pci_dss":["10.6.1"],"gdpr":["IV_35.7.d"]},"agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442734.675424","full_log":"Trojaned version of file '/bin/diff' detected. Signature used: 'bash|^/bin/sh|file\\.h|proc\\.h|/dev/[^n]|^/bin/.*sh' (Generic).","decoder":{"name":"rootcheck"},"data":{"title":"Trojaned version of file detected.","file":"/bin/diff"},"location":"rootcheck"}
{"timestamp":"2023-12-01T14:58:54.304+0000","rule":{"level":7,"description":"Host-based anomaly detection event (rootcheck).","id":"510","firedtimes":2,"mail":false,"groups":["ossec","rootcheck"],"pci_dss":["10.6.1"],"gdpr":["IV_35.7.d"]},"agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442734.675805","full_log":"Trojaned version of file '/usr/bin/diff' detected. Signature used: 'bash|^/bin/sh|file\\.h|proc\\.h|/dev/[^n]|^/bin/.*sh' (Generic).","decoder":{"name":"rootcheck"},"data":{"title":"Trojaned version of file detected.","file":"/usr/bin/diff"},"location":"rootcheck"}
{"timestamp":"2023-12-01T14:58:56.995+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442736.675805","full_log":"{\"integration\": \"docker\", \"docker\": {\"Wodle event\": \"Started\"}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"Wodle event":"Started"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T14:58:57.002+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442737.675805","full_log":"{\"integration\": \"docker\", \"docker\": {\"Wodle event\": \"Connected to Docker service\"}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"Wodle event":"Connected to Docker service"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T14:58:57.812+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442737.675805","full_log":"ossec: output: 'df -P': Filesystem 1024-blocks Used Available Capacity Mounted on","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T14:58:57.812+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442737.675805","full_log":"ossec: output: 'df -P': tmpfs 65536 0 65536 0% /dev","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T14:58:57.812+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442737.675805","full_log":"ossec: output: 'df -P': shm 65536 80 65456 1% /dev/shm","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T14:58:57.812+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442737.675805","full_log":"ossec: output: 'df -P': overlay 121183936 92626476 22355504 81% /","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T14:58:57.812+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442737.675805","full_log":"ossec: output: 'last -n 20':\nwtmp begins Thu Nov 30 14:24:04 2023","decoder":{"name":"ossec"},"location":"last -n 20"}
{"timestamp":"2023-12-01T14:58:57.812+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442737.675805","full_log":"ossec: output: 'df -P': /dev/mapper/data-root 121183936 92626476 22355504 81% /etc/hosts","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T14:59:00.990+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442740.675805","full_log":"{\"type\":\"summary\",\"scan_id\":557981783,\"name\":\"CIS Ubuntu Linux 22.04 LTS Benchmark v1.0.0.\",\"policy_id\":\"cis_ubuntu22-04\",\"file\":\"cis_ubuntu22-04.yml\",\"description\":\"This document provides prescriptive guidance for establishing a secure configuration posture for Ubuntu Linux 22.04 LTS based on CIS benchmark for Ubuntu Linux 22.04 LTS.\",\"references\":\"https://www.cisecurity.org/cis-benchmarks/\",\"passed\":50,\"failed\":82,\"invalid\":50,\"total_checks\":182,\"score\":37.878787994384766,\"start_time\":1701442736,\"end_time\":1701442737,\"hash\":\"06ad51e6d9ece5444a3ee9a6946639965c2d1bdf6f4936c60068f02cbf028fa4\",\"hash_file\":\"c556e25dbf15870af8df9f42fae47a269c545d7baf0f4bc87049074521061442\",\"first_scan\":1}","decoder":{"name":"sca"},"location":"sca"}
{"timestamp":"2023-12-01T14:59:01.000+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442741.675805","full_log":"{\"type\":\"policies\",\"policies\":[\"cis_ubuntu22-04\"]}","decoder":{"name":"sca"},"location":"sca"}
{"timestamp":"2023-12-01T14:59:05.808+0000","rule":{"level":3,"description":"Wazuh server started.","id":"502","firedtimes":1,"mail":false,"groups":["ossec"],"pci_dss":["10.6.1"],"gpg13":["10.1"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442745.676194","full_log":"ossec: Manager started.","decoder":{"name":"ossec"},"location":"wazuh-monitord"}
{"timestamp":"2023-12-01T14:59:09.441+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701442749.676194","full_log":"Ending rootcheck scan.","decoder":{"name":"rootcheck"},"data":{"title":"Ending rootcheck scan."},"location":"rootcheck"}
{"timestamp":"2023-12-01T15:03:48.588+0000","rule":{"level":3,"description":"Docker: Image or repository nginx pulled","id":"87932","firedtimes":1,"mail":false,"groups":["docker"],"pci_dss":["10.2.7"],"hipaa":["164.312.b"],"nist_800_53":["AU.14"],"tsc":["CC6.8","CC7.2","CC7.3"]},"agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443028.676194","full_log":"{\"integration\": \"docker\", \"docker\": {\"status\": \"pull\", \"id\": \"nginx:latest\", \"Type\": \"image\", \"Action\": \"pull\", \"Actor\": {\"ID\": \"nginx:latest\", \"Attributes\": {\"maintainer\": \"NGINX Docker Maintainers <docker-maint@nginx.com>\", \"name\": \"nginx\"}}, \"scope\": \"local\", \"time\": 1701443028, \"timeNano\": 1701443028588266402}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"status":"pull","id":"nginx:latest","Type":"image","Action":"pull","Actor":{"ID":"nginx:latest","Attributes":{"maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>","name":"nginx"}},"scope":"local","time":"1701443028","timeNano":"1701443028588266496.000000"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T15:04:51.185+0000","rule":{"level":3,"description":"Docker: Container nginx_container created","id":"87901","firedtimes":1,"mail":false,"groups":["docker"],"pci_dss":["10.2.7"],"hipaa":["164.312.b"],"nist_800_53":["AU.14"],"tsc":["CC6.8","CC7.2","CC7.3"]},"agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443091.677341","full_log":"{\"integration\": \"docker\", \"docker\": {\"status\": \"create\", \"id\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"from\": \"nginx\", \"Type\": \"container\", \"Action\": \"create\", \"Actor\": {\"ID\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"Attributes\": {\"image\": \"nginx\", \"maintainer\": \"NGINX Docker Maintainers <docker-maint@nginx.com>\", \"name\": \"nginx_container\"}}, \"scope\": \"local\", \"time\": 1701443091, \"timeNano\": 1701443091184612150}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"status":"create","id":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","from":"nginx","Type":"container","Action":"create","Actor":{"ID":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","Attributes":{"image":"nginx","maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>","name":"nginx_container"}},"scope":"local","time":"1701443091","timeNano":"1701443091184612096.000000"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T15:04:51.219+0000","rule":{"level":3,"description":"Docker: Network bridge connected","id":"87928","firedtimes":1,"mail":false,"groups":["docker"]},"agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443091.678571","full_log":"{\"integration\": \"docker\", \"docker\": {\"Type\": \"network\", \"Action\": \"connect\", \"Actor\": {\"ID\": \"226b2e6255690299858b2d634824c0ce6d7a0a3f4d87f30e9da6b6ecc54e999a\", \"Attributes\": {\"container\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"name\": \"bridge\", \"type\": \"bridge\"}}, \"scope\": \"local\", \"time\": 1701443091, \"timeNano\": 1701443091219464151}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"Type":"network","Action":"connect","Actor":{"ID":"226b2e6255690299858b2d634824c0ce6d7a0a3f4d87f30e9da6b6ecc54e999a","Attributes":{"container":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","name":"bridge","type":"bridge"}},"scope":"local","time":"1701443091","timeNano":"1701443091219464192.000000"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T15:04:51.381+0000","rule":{"level":3,"description":"Docker: Container nginx_container started","id":"87903","firedtimes":1,"mail":false,"groups":["docker"]},"agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443091.679493","full_log":"{\"integration\": \"docker\", \"docker\": {\"status\": \"start\", \"id\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"from\": \"nginx\", \"Type\": \"container\", \"Action\": \"start\", \"Actor\": {\"ID\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"Attributes\": {\"image\": \"nginx\", \"maintainer\": \"NGINX Docker Maintainers <docker-maint@nginx.com>\", \"name\": \"nginx_container\"}}, \"scope\": \"local\", \"time\": 1701443091, \"timeNano\": 1701443091380856246}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"status":"start","id":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","from":"nginx","Type":"container","Action":"start","Actor":{"ID":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","Attributes":{"image":"nginx","maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>","name":"nginx_container"}},"scope":"local","time":"1701443091","timeNano":"1701443091380856320.000000"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T15:04:57.217+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443097.679493","full_log":"ossec: output: 'df -P': overlay 121183936 92824268 22157712 81% /","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T15:04:57.217+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443097.679493","full_log":"ossec: output: 'df -P': shm 65536 80 65456 1% /dev/shm","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T15:04:57.217+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443097.679493","full_log":"ossec: output: 'df -P': tmpfs 65536 0 65536 0% /dev","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T15:04:57.217+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443097.679493","full_log":"ossec: output: 'df -P': Filesystem 1024-blocks Used Available Capacity Mounted on","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T15:04:57.217+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443097.679493","full_log":"ossec: output: 'df -P': overlay 121183936 92824268 22157712 81% /var/lib/docker/overlay2/ccc3cfb47c8f8ce7c3ee1451467793e0670a2e33b73f55f31a568f4ff8bf1f0f/merged","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T15:04:57.217+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443097.679493","full_log":"ossec: output: 'df -P': /dev/mapper/data-root 121183936 92824268 22157712 81% /etc/hosts","decoder":{"name":"ossec"},"location":"df -P"}
{"timestamp":"2023-12-01T15:04:57.219+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443097.679493","full_log":"ossec: output: 'last -n 20':\nwtmp begins Thu Nov 30 14:24:04 2023","decoder":{"name":"ossec"},"location":"last -n 20"}
{"timestamp":"2023-12-01T15:04:59.999+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443099.679493","full_log":"{\"integration\": \"docker\", \"docker\": {\"status\": \"exec_create: cat /etc/passwd\", \"id\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"from\": \"nginx\", \"Type\": \"container\", \"Action\": \"exec_create: cat /etc/passwd\", \"Actor\": {\"ID\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"Attributes\": {\"execID\": \"f696b3418de1a97948184f81afe07d2a3cb34dabdb5fe1aecd3973444a05c121\", \"image\": \"nginx\", \"maintainer\": \"NGINX Docker Maintainers <docker-maint@nginx.com>\", \"name\": \"nginx_container\"}}, \"scope\": \"local\", \"time\": 1701443099, \"timeNano\": 1701443099998974295}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"status":"exec_create: cat /etc/passwd","id":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","from":"nginx","Type":"container","Action":"exec_create: cat /etc/passwd","Actor":{"ID":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","Attributes":{"execID":"f696b3418de1a97948184f81afe07d2a3cb34dabdb5fe1aecd3973444a05c121","image":"nginx","maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>","name":"nginx_container"}},"scope":"local","time":"1701443099","timeNano":"1701443099998974208.000000"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T15:04:59.999+0000","rule":{"level":3,"description":"Docker: Command launched in container nginx_container. Action: \"exec_start: cat /etc/passwd\"","id":"87907","firedtimes":1,"mail":false,"groups":["docker"],"gdpr":["IV_32.2"]},"agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443099.680640","full_log":"{\"integration\": \"docker\", \"docker\": {\"status\": \"exec_start: cat /etc/passwd\", \"id\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"from\": \"nginx\", \"Type\": \"container\", \"Action\": \"exec_start: cat /etc/passwd\", \"Actor\": {\"ID\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"Attributes\": {\"execID\": \"f696b3418de1a97948184f81afe07d2a3cb34dabdb5fe1aecd3973444a05c121\", \"image\": \"nginx\", \"maintainer\": \"NGINX Docker Maintainers <docker-maint@nginx.com>\", \"name\": \"nginx_container\"}}, \"scope\": \"local\", \"time\": 1701443099, \"timeNano\": 1701443099999324098}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"status":"exec_start: cat /etc/passwd","id":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","from":"nginx","Type":"container","Action":"exec_start: cat /etc/passwd","Actor":{"ID":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","Attributes":{"execID":"f696b3418de1a97948184f81afe07d2a3cb34dabdb5fe1aecd3973444a05c121","image":"nginx","maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>","name":"nginx_container"}},"scope":"local","time":"1701443099","timeNano":"1701443099999324160.000000"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T15:05:00.085+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443100.680640","full_log":"{\"integration\": \"docker\", \"docker\": {\"status\": \"exec_die\", \"id\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"from\": \"nginx\", \"Type\": \"container\", \"Action\": \"exec_die\", \"Actor\": {\"ID\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"Attributes\": {\"execID\": \"f696b3418de1a97948184f81afe07d2a3cb34dabdb5fe1aecd3973444a05c121\", \"exitCode\": \"0\", \"image\": \"nginx\", \"maintainer\": \"NGINX Docker Maintainers <docker-maint@nginx.com>\", \"name\": \"nginx_container\"}}, \"scope\": \"local\", \"time\": 1701443100, \"timeNano\": 1701443100085532742}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"status":"exec_die","id":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","from":"nginx","Type":"container","Action":"exec_die","Actor":{"ID":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","Attributes":{"execID":"f696b3418de1a97948184f81afe07d2a3cb34dabdb5fe1aecd3973444a05c121","exitCode":"0","image":"nginx","maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>","name":"nginx_container"}},"scope":"local","time":"1701443100","timeNano":"1701443100085532672.000000"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T15:05:09.149+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443109.680640","full_log":"{\"integration\": \"docker\", \"docker\": {\"status\": \"exec_create: /bin/bash \", \"id\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"from\": \"nginx\", \"Type\": \"container\", \"Action\": \"exec_create: /bin/bash \", \"Actor\": {\"ID\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"Attributes\": {\"execID\": \"ac26194c17e472fd4923248bf5bee6db69d22162986e2f8aef7b2d51138f0f0b\", \"image\": \"nginx\", \"maintainer\": \"NGINX Docker Maintainers <docker-maint@nginx.com>\", \"name\": \"nginx_container\"}}, \"scope\": \"local\", \"time\": 1701443109, \"timeNano\": 1701443109148978938}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"status":"exec_create: /bin/bash ","id":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","from":"nginx","Type":"container","Action":"exec_create: /bin/bash ","Actor":{"ID":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","Attributes":{"execID":"ac26194c17e472fd4923248bf5bee6db69d22162986e2f8aef7b2d51138f0f0b","image":"nginx","maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>","name":"nginx_container"}},"scope":"local","time":"1701443109","timeNano":"1701443109148978944.000000"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T15:05:09.149+0000","rule":{"level":5,"description":"Docker: Started shell session in container nginx_container","id":"87908","firedtimes":1,"mail":false,"groups":["docker"],"pci_dss":["10.2.7"],"gdpr":["IV_32.2"],"hipaa":["164.312.b"],"nist_800_53":["AU.14"],"tsc":["CC6.8","CC7.2","CC7.3"]},"agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443109.682114","full_log":"{\"integration\": \"docker\", \"docker\": {\"status\": \"exec_start: /bin/bash \", \"id\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"from\": \"nginx\", \"Type\": \"container\", \"Action\": \"exec_start: /bin/bash \", \"Actor\": {\"ID\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"Attributes\": {\"execID\": \"ac26194c17e472fd4923248bf5bee6db69d22162986e2f8aef7b2d51138f0f0b\", \"image\": \"nginx\", \"maintainer\": \"NGINX Docker Maintainers <docker-maint@nginx.com>\", \"name\": \"nginx_container\"}}, \"scope\": \"local\", \"time\": 1701443109, \"timeNano\": 1701443109149257941}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"status":"exec_start: /bin/bash ","id":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","from":"nginx","Type":"container","Action":"exec_start: /bin/bash ","Actor":{"ID":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","Attributes":{"execID":"ac26194c17e472fd4923248bf5bee6db69d22162986e2f8aef7b2d51138f0f0b","image":"nginx","maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>","name":"nginx_container"}},"scope":"local","time":"1701443109","timeNano":"1701443109149257984.000000"}},"location":"Wazuh-Docker"}
{"timestamp":"2023-12-01T15:05:13.830+0000","agent":{"id":"000","name":"be499c120b52"},"manager":{"name":"be499c120b52"},"id":"1701443113.682114","full_log":"{\"integration\": \"docker\", \"docker\": {\"status\": \"exec_die\", \"id\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"from\": \"nginx\", \"Type\": \"container\", \"Action\": \"exec_die\", \"Actor\": {\"ID\": \"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560\", \"Attributes\": {\"execID\": \"ac26194c17e472fd4923248bf5bee6db69d22162986e2f8aef7b2d51138f0f0b\", \"exitCode\": \"0\", \"image\": \"nginx\", \"maintainer\": \"NGINX Docker Maintainers <docker-maint@nginx.com>\", \"name\": \"nginx_container\"}}, \"scope\": \"local\", \"time\": 1701443113, \"timeNano\": 1701443113829975076}}","decoder":{"name":"json"},"data":{"integration":"docker","docker":{"status":"exec_die","id":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","from":"nginx","Type":"container","Action":"exec_die","Actor":{"ID":"26d33a28c65307e8d251df562d8116c2c69878cfcfde42526c594d5d38093560","Attributes":{"execID":"ac26194c17e472fd4923248bf5bee6db69d22162986e2f8aef7b2d51138f0f0b","exitCode":"0","image":"nginx","maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>","name":"nginx_container"}},"scope":"local","time":"1701443113","timeNano":"1701443113829975040.000000"}},"location":"Wazuh-Docker"} DockerListener executionroot@be499c120b52:/# /var/ossec/wodles/docker/DockerListener
{"integration": "docker", "docker": {"Wodle event": "Started"}}
Docker service was started.
{"integration": "docker", "docker": {"Wodle event": "Connected to Docker service"}} AgentOSroot@c82e021a91e7:/# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
UBUNTU_CODENAME=jammy
root@c82e021a91e7:/# docker --version
Docker version 24.0.7, build afdd53b
root@c82e021a91e7:/# python3 --version
Python 3.10.12 Configuration <wodle name="docker-listener">
<interval>10m</interval>
<attempts>5</attempts>
<run_on_start>yes</run_on_start>
<disabled>no</disabled>
</wodle> docker 4.2.0 installation
root@41c7beae5a36:/# pip3 install docker==4.2.0
Collecting docker==4.2.0
Downloading docker-4.2.0-py2.py3-none-any.whl (143 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 143.9/143.9 kB 3.5 MB/s eta 0:00:00
Collecting six>=1.4.0 (from docker==4.2.0)
Downloading six-1.16.0-py2.py3-none-any.whl (11 kB)
Collecting websocket-client>=0.32.0 (from docker==4.2.0)
Downloading websocket_client-1.6.4-py3-none-any.whl.metadata (7.7 kB)
Collecting requests!=2.18.0,>=2.14.2 (from docker==4.2.0)
Downloading requests-2.31.0-py3-none-any.whl.metadata (4.6 kB)
Collecting charset-normalizer<4,>=2 (from requests!=2.18.0,>=2.14.2->docker==4.2.0)
Downloading charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (33 kB)
Collecting idna<4,>=2.5 (from requests!=2.18.0,>=2.14.2->docker==4.2.0)
Downloading idna-3.6-py3-none-any.whl.metadata (9.9 kB)
Collecting urllib3<3,>=1.21.1 (from requests!=2.18.0,>=2.14.2->docker==4.2.0)
Downloading urllib3-2.1.0-py3-none-any.whl.metadata (6.4 kB)
Collecting certifi>=2017.4.17 (from requests!=2.18.0,>=2.14.2->docker==4.2.0)
Downloading certifi-2023.11.17-py3-none-any.whl.metadata (2.2 kB)
Downloading requests-2.31.0-py3-none-any.whl (62 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 62.6/62.6 kB 4.0 MB/s eta 0:00:00
Downloading websocket_client-1.6.4-py3-none-any.whl (57 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 57.3/57.3 kB 3.9 MB/s eta 0:00:00
Downloading certifi-2023.11.17-py3-none-any.whl (162 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 162.5/162.5 kB 5.1 MB/s eta 0:00:00
Downloading charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (142 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 142.1/142.1 kB 5.2 MB/s eta 0:00:00
Downloading idna-3.6-py3-none-any.whl (61 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 61.6/61.6 kB 3.8 MB/s eta 0:00:00
Downloading urllib3-2.1.0-py3-none-any.whl (104 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 104.6/104.6 kB 4.3 MB/s eta 0:00:00
Installing collected packages: websocket-client, urllib3, six, idna, charset-normalizer, certifi, requests, docker
Successfully installed certifi-2023.11.17 charset-normalizer-3.3.2 docker-4.2.0 idna-3.6 requests-2.31.0 six-1.16.0 urllib3-2.1.0 websocket-client-1.6.4
root@c82e021a91e7:/# pip3 freeze
certifi==2023.11.17
charset-normalizer==3.3.2
docker==4.2.0
idna==3.6
requests==2.31.0
six==1.16.0
supervisor==4.2.1
urllib3==2.1.0
websocket-client==1.6.4 DockerListener executionroot@c82e021a91e7:/# /var/ossec/wodles/docker/DockerListener
{"integration": "docker", "docker": {"Wodle event": "Started"}}
Docker service is not running.
{"integration": "docker", "docker": {"Wodle event": "Docker service is not running"}}
Reconnecting...
Reconnecting...
Reconnecting...
Reconnecting... Downgrading urllib3 from 2.1.0 to 1.26.5root@c82e021a91e7:/# pip3 install urllib3==1.26.5
Collecting urllib3==1.26.5
Downloading urllib3-1.26.5-py2.py3-none-any.whl (138 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 138.1/138.1 kB 3.1 MB/s eta 0:00:00
Installing collected packages: urllib3
Attempting uninstall: urllib3
Found existing installation: urllib3 2.1.0
Uninstalling urllib3-2.1.0:
Successfully uninstalled urllib3-2.1.0
Successfully installed urllib3-1.26.5
root@c82e021a91e7:/# pip3 freeze
certifi==2023.11.17
charset-normalizer==3.3.2
docker==4.2.0
idna==3.6
packaging==23.2
requests==2.31.0
six==1.16.0
supervisor==4.2.1
urllib3==1.26.5
websocket-client==1.6.4 DockerListener executionFirst window root@c82e021a91e7:/# /var/ossec/wodles/docker/DockerListener
{"integration": "docker", "docker": {"Wodle event": "Started"}}
Docker service was started.
{"integration": "docker", "docker": {"Wodle event": "Connected to Docker service"}}
{"integration": "docker", "docker": {"status": "pull", "id": "nginx:latest", "Type": "image", "Action": "pull", "Actor": {"ID": "nginx:latest", "Attributes": {"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>", "name": "nginx"}}, "scope": "local", "time": 1701445999, "timeNano": 1701445999256520368}} Second window root@c82e021a91e7:/# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
Digest: sha256:10d1f5b58f74683ad34eb29287e07dab1e90f10af243f151bb50aa5dbb4d62ee
Status: Image is up to date for nginx:latest
docker.io/library/nginx:latest Upgrading docker to 6.1.1root@c82e021a91e7:/# pip3 install docker==6.1.1
Requirement already satisfied: urllib3==2.1.0 in /usr/local/lib/python3.10/dist-packages (2.1.0)
Collecting docker==6.1.1
Using cached docker-6.1.1-py3-none-any.whl (147 kB)
Installing collected packages: docker
Attempting uninstall: docker
Found existing installation: docker 4.2.0
Uninstalling docker-4.2.0:
Successfully uninstalled docker-4.2.0
Successfully installed docker-6.1.1
root@c82e021a91e7:/# pip3 freeze
certifi==2023.11.17
charset-normalizer==3.3.2
docker==6.1.1
idna==3.6
packaging==23.2
requests==2.31.0
six==1.16.0
supervisor==4.2.1
urllib3==2.1.0
websocket-client==1.6.4 DockerListener executionFirst window root@c82e021a91e7:/# /var/ossec/bin/wazuh-control restart
Killing wazuh-modulesd...
Process wazuh-modulesd couldn't be terminated. It will be killed.
Killing wazuh-logcollector...
Killing wazuh-syscheckd...
Killing wazuh-agentd...
Killing wazuh-execd...
Wazuh v4.9.0 Stopped
Starting Wazuh v4.9.0...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
root@c82e021a91e7:/# /var/ossec/wodles/docker/DockerListener
{"integration": "docker", "docker": {"Wodle event": "Started"}}
Docker service was started.
{"integration": "docker", "docker": {"Wodle event": "Connected to Docker service"}}
{"integration": "docker", "docker": {"status": "pull", "id": "alpine:latest", "Type": "image", "Action": "pull", "Actor": {"ID": "alpine:latest", "Attributes": {"name": "alpine"}}, "scope": "local", "time": 1701447259, "timeNano": 1701447259513098487}}
{"integration": "docker", "docker": {"status": "pull", "id": "debian:latest", "Type": "image", "Action": "pull", "Actor": {"ID": "debian:latest", "Attributes": {"name": "debian"}}, "scope": "local", "time": 1701447282, "timeNano": 1701447282875843647}} Second window root@c82e021a91e7:/# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
Digest: sha256:34871e7290500828b39e22294660bee86d966bc0017544e848dd9a255cdf59e0
Status: Image is up to date for alpine:latest
docker.io/library/alpine:latest
root@c82e021a91e7:/# docker pull debian
Using default tag: latest
latest: Pulling from library/debian
90e5e7d8b87a: Pull complete
Digest: sha256:133a1f2aa9e55d1c93d0ae1aaa7b94fb141265d0ee3ea677175cdb96f5f990e5
Status: Downloaded newer image for debian:latest
docker.io/library/debian:latest |
UpdateChanged the TestsUsing
|
Description
Hi, I'm trying to follow this guide but I can't get docker events to appear, I can only see in the archives.log this event.
I can do pull and I get this message but in the archives.log I get nothing.
The status of the docker daemon is green running, and the user is root with the following permissions.
Running the Docker-listener module, adding a print() in the exception of the check_docker_service() method I get the following:
The environment I am using and the versions of everything are the following. The package manager is updated.
Agent box: Ubuntu Jammy - generic/ubuntu2204
docker==4.2.0
urllib3==2.1.0
requests==2.31.0
python==3.10.12
Checks
The following elements have been updated or reviewed (should also be checked if no modification is required):
api/test/integration/mapping/_test_mapping.py
).The text was updated successfully, but these errors were encountered: