diff --git a/Dockerfile b/Dockerfile index d1eb40d..b6c26aa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,9 +20,6 @@ RUN apt-get update && apt-get install -y gettext-base curl COPY deb/crowdstrike-cs-falconhoseclient_2.18.0_amd64.deb "${WORKDIR}/crowdstrike.deb" RUN dpkg -i "${WORKDIR}/crowdstrike.deb" -# Create output file -RUN touch /var/log/crowdstrike/falconhoseclient/output - # Prepare a simple user instead of root RUN groupadd -g 1000 user && useradd -r -u 1000 -g user user RUN chown -R user:user /var/log/crowdstrike/falconhoseclient diff --git a/cfg/cs.falconhoseclient.cfg.template b/cfg/cs.falconhoseclient.cfg.template index 930537b..52921c6 100644 --- a/cfg/cs.falconhoseclient.cfg.template +++ b/cfg/cs.falconhoseclient.cfg.template @@ -32,7 +32,7 @@ output_format = json # Will be true regardless if Syslog is not enabled # If path does not exist or user has no permission, log file will be used output_to_file = true -output_path = /var/log/crowdstrike/falconhoseclient/output +output_path = /dev/stdout # Offset file full filepath and filename offset_path = /var/log/crowdstrike/falconhoseclient/stream_offsets diff --git a/entrypoint.sh b/entrypoint.sh index dc0ee82..65c05d7 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -32,7 +32,4 @@ fi export $(echo "CLIENT_ID=$CLIENT_ID CLIENT_SECRET=$CLIENT_SECRET API_BASE_URL=$API_BASE_URL") && envsubst < "${WORKDIR}/${CONFIG}.template" > "${CONFIGDIR}/${CONFIG}" # Run this in the background and output the enrollment into a file -cs.falconhoseclient -config="${CONFIGDIR}/${CONFIG}" 2>&1 - -# Poll the output to stdout -tail -f ${LOGDIR}/output > /dev/stdout +cs.falconhoseclient -nodaemon -config="${CONFIGDIR}/${CONFIG}" 2>&1