From 1639c5f5ff5e3d7483b73945820ec076e18af1b2 Mon Sep 17 00:00:00 2001
From: George Tsigourakos <gtsigourakos@skroutz.gr>
Date: Mon, 4 Mar 2024 23:04:36 +0200
Subject: [PATCH] Use fd instead of /dev/stdout

---
 cfg/cs.falconhoseclient.cfg.template | 2 +-
 entrypoint.sh                        | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/cfg/cs.falconhoseclient.cfg.template b/cfg/cs.falconhoseclient.cfg.template
index 52921c6..95822e7 100644
--- a/cfg/cs.falconhoseclient.cfg.template
+++ b/cfg/cs.falconhoseclient.cfg.template
@@ -32,7 +32,7 @@ output_format = json
 # Will be true regardless if Syslog is not enabled
 # If path does not exist or user has no permission, log file will be used
 output_to_file = true
-output_path = /dev/stdout
+output_path = /dev/fd/1
 
 # Offset file full filepath and filename
 offset_path = /var/log/crowdstrike/falconhoseclient/stream_offsets
diff --git a/entrypoint.sh b/entrypoint.sh
index 65c05d7..eec30a7 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -3,7 +3,6 @@
 WORKDIR="/home/user"
 CONFIGDIR="/opt/crowdstrike/etc"
 CONFIG="cs.falconhoseclient.cfg"
-LOGDIR="/var/log/crowdstrike/falconhoseclient"
 
 # Read the .env file properties
 F_CLIENT_ID="$(grep CLIENT_ID .env | awk -F'=' '{print $2}')"
@@ -31,5 +30,5 @@ fi
 # Substitute things properly
 export $(echo "CLIENT_ID=$CLIENT_ID CLIENT_SECRET=$CLIENT_SECRET API_BASE_URL=$API_BASE_URL") && envsubst < "${WORKDIR}/${CONFIG}.template" > "${CONFIGDIR}/${CONFIG}"
 
-# Run this in the background and output the enrollment into a file
+# Run the client
 cs.falconhoseclient -nodaemon -config="${CONFIGDIR}/${CONFIG}" 2>&1