diff --git a/cmd/tracee-rules/main.go b/cmd/tracee-rules/main.go
index 20c6c6eda45a..a53aed75b815 100644
--- a/cmd/tracee-rules/main.go
+++ b/cmd/tracee-rules/main.go
@@ -4,6 +4,8 @@ import (
 "context"
 "errors"
 "fmt"
+ "github.com/aquasecurity/tracee/pkg/cmd/initialize/initialize_sigs"
+ "github.com/aquasecurity/tracee/pkg/events"
 "io"
 "os"
 "os/signal"
@@ -27,6 +29,8 @@ const (
 signatureBufferFlag = "sig-buffer"
 )
+var inputs engine.EventSources
+
 func main() {
 app := &cli.App{
 Name: "tracee-rules",
@@ -116,8 +120,6 @@ func main() {
 return nil
 }
- var inputs engine.EventSources
-
 opts, err := parseTraceeInputOptions(c.StringSlice("input-tracee"))
 if err == errHelp {
 printHelp()
@@ -142,7 +144,7 @@ func main() {
 if err != nil {
 return err
 }
-
+ _ = initialize_sigs.CreateEventsFromSignatures(events.StartSignatureID, sigs)
 config := engine.Config{
 SignatureBufferSize: c.Uint(signatureBufferFlag),
 Signatures: sigs,
diff --git a/cmd/tracee-rules/output.go b/cmd/tracee-rules/output.go
index ec9ec8023498..80b2b9ded036 100644
--- a/cmd/tracee-rules/output.go
+++ b/cmd/tracee-rules/output.go
@@ -57,8 +57,17 @@ func setupOutput(w io.Writer, webhook string, webhookTemplate string, contentTyp
 go func(w io.Writer, tWebhook, tOutput *template.Template) {
 for res := range out {
- switch res.Event.Payload.(type) {
+ switch e := res.Event.Payload.(type) {
 case trace.Event:
+ select {
+ case _, ok := <-inputs.Tracee:
+ if !ok {
+ logger.Debugw("Tracee input channel closed")
+ return
+ }
+ default:
+ inputs.Tracee <- e.ToProtocol()
+ }
 if err := tOutput.Execute(w, res); err != nil {
 logger.Errorw("Writing to output: " + err.Error())
 }
diff --git a/cmd/tracee/cmd/list.go b/cmd/tracee/cmd/list.go
index 6683f839c5c9..a1d5ba55ec21 100644
--- a/cmd/tracee/cmd/list.go
+++ b/cmd/tracee/cmd/list.go
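Review bot: The two project imports added in the first hunk of cmd/tracee-rules/main.go sit between `"fmt"` and `"io"` inside the standard-library group, so the import block is no longer goimports-ordered; they belong with the other non-standard-library imports (that group is not visible in this hunk). The same placement appears in the import hunks of cmd/tracee/cmd/list.go (above `"os"`) and pkg/cmd/cobra/cobra.go (directly after `"errors"`). The new package name `initialize_sigs` also contains an underscore, which Go naming conventions discourage for package names and which linters commonly flag.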
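Review bot: `var inputs engine.EventSources` becomes mutable package-level state in the second hunk of cmd/tracee-rules/main.go, and the only visible reason is that the goroutine in output.go now reads `inputs.Tracee`. That hides a dependency between main and setupOutput and leaves the ordering unchecked: if `inputs.Tracee` is assigned after setupOutput has started its goroutine (the assignment is outside these hunks), the goroutine may see a nil channel or race with the write. Passing the channel to setupOutput as a parameter would keep the variable local to main; at minimum add a comment such as `// inputs is shared with the output goroutine in output.go and must be fully populated before setupOutput is called.`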
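Review bot: The call `_ = initialize_sigs.CreateEventsFromSignatures(events.StartSignatureID, sigs)` in the fourth hunk of cmd/tracee-rules/main.go discards its result without saying why, while pkg/cmd/cobra/cobra.go keeps the same call's return value as `sigNameToEventId`. It is presumably called only for a side effect of registering the loaded signatures as events; please say so in a comment, e.g. `// Called for its side effect of registering signature events; the returned name-to-ID map is not needed here.` The hunk also drops the blank line that separated the error check from the `config := engine.Config{` block, which is worth keeping for readability. main's body continues outside the hunk.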
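Review bot: The `select` added under `case trace.Event:` in cmd/tracee-rules/output.go can drop events and stall the output goroutine. When the receive case fires with `ok == true`, an event queued on `inputs.Tracee` for the engine is consumed and discarded and the finding is not fed back, which for a detection pipeline is a silent gap in what signatures get to see. In `default`, `inputs.Tracee <- e.ToProtocol()` is a blocking send that can deadlock against an engine blocked on writing to `out`, and because the closed check and the send are separate steps it can still panic if the channel is closed in between; the early `return` also stops draining `out` and skips writing the current finding. A non-blocking send that logs the drop, sketched below, removes the stray receive and the blocking send; coordinating with whatever closes the channel (outside this hunk) is still needed to rule out the send-on-closed panic. The goroutine body continues outside the hunk.

```go
			case trace.Event:
				// Feed the finding back to the engine without blocking the output loop.
				select {
				case inputs.Tracee <- e.ToProtocol():
				default:
					logger.Errorw("Dropping finding feedback: tracee input channel is not ready")
				}
				// … unchanged: tOutput.Execute(w, res) and its error logging …
```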
@@ -1,13 +1,13 @@
 package cmd
 import (
+ "github.com/aquasecurity/tracee/pkg/cmd/initialize/initialize_sigs"
 "os"
 "github.com/open-policy-agent/opa/compile"
 "github.com/spf13/cobra"
 "github.com/aquasecurity/tracee/pkg/cmd"
- "github.com/aquasecurity/tracee/pkg/cmd/initialize"
 "github.com/aquasecurity/tracee/pkg/events"
 "github.com/aquasecurity/tracee/pkg/logger"
 "github.com/aquasecurity/tracee/pkg/signatures/signature"
@@ -53,7 +53,7 @@ var listCmd = &cobra.Command{
 os.Exit(1)
 }
- initialize.CreateEventsFromSignatures(events.StartSignatureID, sigs)
+ initialize_sigs.CreateEventsFromSignatures(events.StartSignatureID, sigs)
 includeSigs := true
 wideOutput := c.Flags().Lookup("wide").Value.String() == "true"
diff --git a/pkg/cmd/cobra/cobra.go b/pkg/cmd/cobra/cobra.go
index a37aa9e70c32..5908ab678fa4 100644
--- a/pkg/cmd/cobra/cobra.go
+++ b/pkg/cmd/cobra/cobra.go
@@ -2,6 +2,7 @@ package cobra
 import (
 "errors"
+ "github.com/aquasecurity/tracee/pkg/cmd/initialize/initialize_sigs"
 "github.com/spf13/cobra"
 "github.com/spf13/viper"
@@ -67,7 +68,7 @@ func GetTraceeRunner(c *cobra.Command, version string) (cmd.Runner, error) {
 return runner, err
 }
- sigNameToEventId := initialize.CreateEventsFromSignatures(events.StartSignatureID, sigs)
+ sigNameToEventId := initialize_sigs.CreateEventsFromSignatures(events.StartSignatureID, sigs)
 // Initialize a tracee config structure
diff --git a/pkg/cmd/initialize/sigs.go b/pkg/cmd/initialize/initialize_sigs/sigs.go
similarity index 99%
rename from pkg/cmd/initialize/sigs.go
rename to pkg/cmd/initialize/initialize_sigs/sigs.go
index 25a464e3bc6d..6cac70af4c0c 100644
--- a/pkg/cmd/initialize/sigs.go
+++ b/pkg/cmd/initialize/initialize_sigs/sigs.go
@@ -1,4 +1,4 @@
-package initialize
+package initialize_sigs
 import (
 "strconv"
diff --git a/pkg/cmd/initialize/sigs_test.go b/pkg/cmd/initialize/initialize_sigs/sigs_test.go
similarity index 99%
rename from pkg/cmd/initialize/sigs_test.go
rename to pkg/cmd/initialize/initialize_sigs/sigs_test.go
index 7d66220b4d9b..b2a88f3d14d4 100644
--- a/pkg/cmd/initialize/sigs_test.go
+++ b/pkg/cmd/initialize/initialize_sigs/sigs_test.go
@@ -1,4 +1,4 @@
-package initialize
+package initialize_sigs
 import (
 "testing"