Asking a question.


Raul Rodriguez
 

 

Hi Community:

 

I don´t know if this is the right place to ask, but in StackFlow, despite my case having seven views, nobody answered yet

 

My problem is this:

 

I want to run a container a she¡l script (I´m using docker, but my final target is AWS Fargate). The script produces an output that I can send to stdout or syslog. The issue is that I can´t recover the output from triggering a Falco rule that its output is exactly the script output.

 

For more information, what I´m trying to achieve is this:

 

If I already have text files, with the files allowed to be in a directory and the SHA256 of each one of them. I want to know if the allowed files have appeared or disappeared or if the SHA 256 of one of them is not what I expected.

 

I was trying to log the script result to syslog, but so far, I don´t know how to consider syslog as a new input for Falco or which syscall I need to call in my script.

 

Can you help me, please?

 

Best regards

 

 

All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.


Leonardo Grasso
 

Hi Raul,

Thanks for reaching out! I'm not sure I've fully understood your question, so I can't give an answer right now.

However, I'd suggest you to ask in our Slack channel:


Thank you,

Leo


On Wed, Dec 21, 2022, 01:24 Raul Rodriguez <raul.rodriguez@...> wrote:

 

Hi Community:

 

I don´t know if this is the right place to ask, but in StackFlow, despite my case having seven views, nobody answered yet

 

My problem is this:

 

I want to run a container a she¡l script (I´m using docker, but my final target is AWS Fargate). The script produces an output that I can send to stdout or syslog. The issue is that I can´t recover the output from triggering a Falco rule that its output is exactly the script output.

 

For more information, what I´m trying to achieve is this:

 

If I already have text files, with the files allowed to be in a directory and the SHA256 of each one of them. I want to know if the allowed files have appeared or disappeared or if the SHA 256 of one of them is not what I expected.

 

I was trying to log the script result to syslog, but so far, I don´t know how to consider syslog as a new input for Falco or which syscall I need to call in my script.

 

Can you help me, please?

 

Best regards

 

 

All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.