Convox Community

Vulnerability Management

Not sure if this is possible, didn’t see a mention of it in the docs, but is there any way that we could install custom packages on the EC2 instances provisioned by Convox?

Looking to install a vulnerability management tool, based around OSQuery, to monitor our infrastructure.

1 Like

Hey @chris,
You could either specify your own custom AMI for use by the Rack (https://docs.convox.com/reference/rack-parameters#ami) to have a completely custom image, but with the downsides of needing to maintain that and manage it.
Alternatively you can pass in Instance Boot (https://docs.convox.com/reference/rack-parameters#instancebootcommand) or Instance Run (https://docs.convox.com/reference/rack-parameters#instancebootcommand) commands that you could potentially use to install your packages with?

Hope that helps
Ed

1 Like

That looks like it might work.

Probably a slightly dumb question but is there any trick when it comes to escaping quotes in the command itself? I’m trying to do something similar to the below, but doesn’t seem to like the quotes around the command string.

convox rack params set 'InstanceBootCommand="bash -c "(curl -L https://path/to/install.sh)""'

1 Like

You don’t need to wrap the whole thing in those single quotes if that helps to differentiate the inner command…