Ramakant Sharma

Results 45 comments of Ramakant Sharma

> We support blocking Syscalls?

ig yes https://docs.kubearmor.com/kubearmor/getting-started/security_policy_specification#syscalls

> But we only did audit?

yes it seems currently only audit is supported.

> Then why do you have a Permission denied alert? :sweat_smile:

ig it's because sys_ptrace capability is not assigned by default by the container runtime. and we get alerts for...

> Okay. Makes sense. But the ptrace observer we adding. Shouldn't it show up with `Operation: Syscall`? provided ptrace is allowed.

Operation is not Syscall because there's no policy applied...

currently we are not auditing ptrace syscall [Audit Syscalls](https://github.com/kubearmor/KubeArmor/blob/main/KubeArmor/monitor/syscallParser.go#L773), but I tested it with local changes adding ptrace to syscall list and I'm getting the alert with `Operation: Syscall`. ```...

> > currently we are not auditing ptrace syscall [Audit Syscalls](https://github.com/kubearmor/KubeArmor/blob/main/KubeArmor/monitor/syscallParser.go#L773)
>
> Is this added here? Changes to audit ptrace?

no should it be added?

added ptrace to audit syscalls, tested locally

```
== Alert / 2022-11-25 08:12:26.709259 ==
ClusterName: default
HostName: hp
NamespaceName: multiubuntu
PodName: ubuntu-3-deployment-7cc5cf69f7-ztnzc
Labels: container=ubuntu-3,group=group-1
ContainerName: ubuntu-3-container
ContainerID: d2efaf88f36049a20b36a8685159c51019dac5faf09fe26e49a154b3e207f573
ContainerImage: docker.io/kubearmor/ubuntu-w-utils:0.1@sha256:b4693b003ed1fbf7f5ef2c8b9b3f96fd853c30e1b39549cf98bd772fbd99e260
Type:...
```

Let's consider a scenario,

- Current global config default posture for file, network and capability is `audit`.
- There is a namespace `temp` and it's annotated with `kubearmor-network-posture=block`. therefore default...

pushed the changes to WIP PR #832. I've refactored the entire logic, added tests, ignore over-commenting/logging for now :grin: PTAL @daemon1024, @nyrahul

@swastik959 thanks for your contribution, can you also handle the deployment-related changes with this PR itself?