Added an event for default stable rule 'Drop and execute new binary in container' #196
… container Signed-off-by: GLVS Kiriti <glvskiriti2003369@gmail.com>
@FedeDP @leogr this rule is also triggering fine, but the question is: what's your feedback on generating an executable binary with the go build command? In order to execute this event to trigger the rule we need an executable binary which is not part of the base image. So IMO the best option is creating an executable, so I used go build. Wdyt? Is there any better alternative to generate this event?
I think we should definitively avoid depending on any compiler, including Go. I hope we can exploit the Thank you for your patience 😇
…ating a new binary Signed-off-by: GLVS Kiriti <glvskiriti2003369@gmail.com>
@leogr @FedeDP I came up with a new solution, please provide feedback. Instead of creating a new binary by relying on Go etc., I copied the binary file of the ls command, i.e., /bin/ls, and created a new binary in /bin, i.e., /bin/ls-created-by-event-generator. Now I executed the command ls-created-by-event-generator, which is a new binary created by us in the container, i.e., it is not part of the docker image used to create the container. So even if the command is unsuccessful it triggers the rule. I tested it by running the following commands in an alpine container
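The copy-and-execute approach described in the comment above, as an added Go example that is not part of this PR or of the event-generator code base. The function name `DropAndExecute` and its parameters are assumptions; the destination is a parameter so the same code can be exercised outside `/bin`.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"os/exec"
)

// DropAndExecute copies an existing binary (srcName, resolved via PATH) to
// dstPath, runs the copy, and removes it again. It returns true once the copy
// was launched; a non-zero exit status still counts, since what matters for
// the rule is that a file absent from the image was executed.
func DropAndExecute(srcName, dstPath string) (bool, error) {
	src, err := exec.LookPath(srcName)
	if err != nil {
		return false, err
	}
	in, err := os.Open(src)
	if err != nil {
		return false, err
	}
	defer in.Close()
	// O_EXCL: refuse to overwrite anything that already exists at dstPath.
	out, err := os.OpenFile(dstPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o755)
	if err != nil {
		return false, err
	}
	defer os.Remove(dstPath) // leave the container as it was found
	if _, err = io.Copy(out, in); err != nil {
		out.Close()
		return false, err
	}
	// Close before exec: Linux will not execute a file still open for writing.
	if err = out.Close(); err != nil {
		return false, err
	}
	runErr := exec.Command(dstPath).Run()
	var exitErr *exec.ExitError
	if runErr != nil && !errors.As(runErr, &exitErr) {
		return false, runErr // the copy never started
	}
	return true, nil
}

func main() { // paths from the PR discussion; writing to /bin needs root
	started, err := DropAndExecute("/bin/ls", "/bin/ls-created-by-event-generator")
	fmt.Println("executed:", started, "err:", err)
}
```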
It LGTM, cc @leogr wdyt?
LGTM label has been added. Git tree hash: 7e05ae089e2399fc64323527587f51e3abe901f9
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: GLVSKiriti, leogr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area events
What this PR does / why we need it:
Added an event for default stable rule 'Drop and execute new binary in container' as mentioned here
Which issue(s) this PR fixes:
Fixes #195
Special notes for your reviewer: