Skip to content

Commit

Permalink
Update and rename contact_ec2_instance_metadata_from_container.go to …
Browse files Browse the repository at this point in the history 
…contact_ec2_instance_metadata_service_from_container.go

Signed-off-by: Kapil Sharma <[email protected]>
  • Loading branch information
@h4l0gen
h4l0gen authored Apr 4, 2024
1 parent 6e9421b commit c605202
Showing 1 changed file with 12 additions and 10 deletions.
22 changes: 12 additions & 10 deletions ...t_ec2_instance_metadata_from_container.go → ...stance_metadata_service_from_container.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,26 +14,28 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package syscall

import (
"net"

"os/exec"
"github.com/falcosecurity/event-generator/events"
)

var _ = events.Register(ContactEC2InstanceMetadataFromContainer)
var _ = events.Register(
ContactEC2InstanceMetadataServiceFromContainer,
events.WithDisabled(), // this rule is not included in falco_rules.yaml (stable rules), so disable the action
)

func ContactEC2InstanceMetadataFromContainer(h events.Helper) error {
func ContactEC2InstanceMetadataServiceFromContainer(h events.Helper) error {
if h.InContainer() {
conn, err := net.Dial("tcp", "169.254.169.254:80")
if err != nil {

cmd := exec.Command("timeout", "1s", "nc", "169.254.169.254", "80")

if err := cmd.Run(); err != nil {
return err
}
}

h.Log().Infof("Outbound connection to EC2 instance metadata service")
defer conn.Close()
}
return nil
}
}

0 comments on commit c605202

Please sign in to comment.