Hi
any know which version of tracee are we expected to use in the CKS exam?
The latest version is very different than the one used in KodeKloud (0.4.0).
- There are now 2 versions: a full and a portable.
- Depending on the kernel, you can use the portable version which has less setup
- The --trace command will not work without setting the environment variable TRACEE_EBPF_ONLY=1
Regards