wazuh agent in docker container

[OD]

Is it best practice to insert a wazuh agent in a docker container?  Is there an sample code to include in a  Dockerfile?

[Victor Fernandez]

Hi,

All depends on how you want to deploy your system. While Wazuh is a host IDS, the agent is designed to monitor what is happening in it, this includes log files, the status of some critical files (file integrity monitoring), security configuration, list of installed packages, OS version and lots more.

Isolating an agent that is monitoring your system has no sense IMHO. If you run an agent inside a container, it would report the status of the files of the container (the agent itself) the "operating system" used as the base of the container. If you wanted to report the status of the host you should share a lot of folders and probably run the container in privileged mode.

If you have a system based on containers, I think the agent should run on the host itself and not inside a container. This way you could get the status of the host and some applications running on the containers (by getting the logs or sharing some folders).

Hope it help.

Best regards,

Victor M Fernandez-Castro 
IT Engineer — Wazuh, Inc.

On Sat, Jun 9, 2018 at 6:48 PM, OD <odoi...@payrailz.com> wrote:

Is it best practice to insert a wazuh agent in a docker container?  Is there an sample code to include in a  Dockerfile?

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/432d3c6a-c21a-4b9a-b6cf-7d9d8f32e482%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.