Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(feeder): fix alert duplication #1957

Merged
merged 2 commits into from
Jan 31, 2025
Merged

fix(feeder): fix alert duplication #1957

merged 2 commits into from
Jan 31, 2025

Conversation

rksharma95
Copy link
Collaborator

Purpose of PR?:
feeder has a bug introduced with PR #1743 that system monitor events were processed when EnforcerAlerts: true which should not be happened. when EnforcerAlerts: true enforcer should be the source of alerts.

== Alert / 2025-01-29 05:58:24.249900 ==
ClusterName: default
HostName: archlinux
NamespaceName: presets
PodName: fileless-6ddb647d44-crzhd
Labels: app=fileless
ContainerName: fileless
ContainerID: 5f0a4acd0d0e6951c158f0b2ed78c8018997d5fae95ca0c1507b0324a261974d
ContainerImage: kubearmor/ubuntu-w-utils:0.2@sha256:3e51e92a839b5e8f0dba01e08ec21fa2c1afe85111544a45aba29708c52de44f
Type: MatchedPolicy
PolicyName: block-etc-passwd
Severity: 3
Message: An attempt to access credential files was made.
Source: /usr/bin/cat /etc/passwd
Resource: /etc/passwd
Operation: File
Action: Block
Data: lsm=FILE_OPEN
Enforcer: BPFLSM
Result: Permission denied
Cwd: /
HostPID: 106315
HostPPID: 74880
Owner: map[Name:fileless Namespace:presets Ref:Deployment]
PID: 133
PPID: 74880
ProcessName: /usr/bin/cat
UID: 0
== Alert / 2025-01-29 05:58:24.249915 ==
ClusterName: default
HostName: archlinux
NamespaceName: presets
PodName: fileless-6ddb647d44-crzhd
Labels: app=fileless
ContainerName: fileless
ContainerID: 5f0a4acd0d0e6951c158f0b2ed78c8018997d5fae95ca0c1507b0324a261974d
ContainerImage: kubearmor/ubuntu-w-utils:0.2@sha256:3e51e92a839b5e8f0dba01e08ec21fa2c1afe85111544a45aba29708c52de44f
Type: MatchedPolicy
PolicyName: block-etc-passwd
Severity: 3
Message: An attempt to access credential files was made.
Source: /usr/bin/cat /etc/passwd
Resource: /etc/passwd
Operation: File
Action: Block
Data: syscall=SYS_OPENAT fd=-100 flags=O_RDONLY
Enforcer: BPFLSM
Result: Permission denied
Cwd: /
HostPID: 106315
HostPPID: 74880
Owner: map[Name:fileless Namespace:presets Ref:Deployment]
PID: 133
PPID: 112
ParentProcessName: /usr/bin/bash
ProcessName: /usr/bin/cat
TTY: pts0
UID: 0

Does this PR introduce a breaking change?
No
If the changes in this PR are manually verified, list down the scenarios covered::

Additional information for reviewer? :
Mention if this PR is part of any design or a continuation of previous PRs

Checklist:

  • Bug fix.
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • PR Title follows the convention of <type>(<scope>): <subject>
  • Commit has unit tests
  • Commit has integration tests

@rksharma95 rksharma95 force-pushed the fix-alerts-duplication branch from c2d9ec0 to 145bccf Compare January 30, 2025 06:48
Aryan-sharma11
Aryan-sharma11 requested changes Jan 31, 2025
View reviewed changes
KubeArmor/types/types.go Outdated Show resolved Hide resolved
@rksharma95 rksharma95 force-pushed the fix-alerts-duplication branch from fe5a6be to 5882551 Compare January 31, 2025 08:42
Aryan-sharma11
Aryan-sharma11 approved these changes Jan 31, 2025
View reviewed changes
Copy link
Member

@Aryan-sharma11 Aryan-sharma11 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@daemon1024 daemon1024 merged commit a683113 into kubearmor:main Jan 31, 2025
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daemon1024 daemon1024 daemon1024 approved these changes

@Aryan-sharma11 Aryan-sharma11 Aryan-sharma11 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rksharma95 @daemon1024 @Aryan-sharma11