From c60520231ab8ac69745a0734eae7ccfcff122a46 Mon Sep 17 00:00:00 2001
From: Kapil Sharma
Date: Fri, 5 Apr 2024 00:42:28 +0530
Subject: [PATCH] Update and rename contact_ec2_instance_metadata_from_container.go to contact_ec2_instance_metadata_service_from_container.go
Signed-off-by: Kapil Sharma
---
 ...stance_metadata_service_from_container.go} | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)
 rename events/syscall/{contact_ec2_instance_metadata_from_container.go => contact_ec2_instance_metadata_service_from_container.go} (67%)
diff --git a/events/syscall/contact_ec2_instance_metadata_from_container.go b/events/syscall/contact_ec2_instance_metadata_service_from_container.go
similarity index 67%
rename from events/syscall/contact_ec2_instance_metadata_from_container.go
rename to events/syscall/contact_ec2_instance_metadata_service_from_container.go
index aec4dcfe..7cd2b374 100644
--- a/events/syscall/contact_ec2_instance_metadata_from_container.go
+++ b/events/syscall/contact_ec2_instance_metadata_service_from_container.go
@@ -14,26 +14,28 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ - package syscall import ( - "net" - + "os/exec" "github.com/falcosecurity/event-generator/events" ) -var _ = events.Register(ContactEC2InstanceMetadataFromContainer) +var _ = events.Register( + ContactEC2InstanceMetadataServiceFromContainer, + events.WithDisabled(), // this rule is not included in falco_rules.yaml (stable rules), so disable the action +) -func ContactEC2InstanceMetadataFromContainer(h events.Helper) error { +func ContactEC2InstanceMetadataServiceFromContainer(h events.Helper) error { if h.InContainer() { - conn, err := net.Dial("tcp", "169.254.169.254:80") - if err != nil { + + cmd := exec.Command("timeout", "1s", "nc", "169.254.169.254", "80") + + if err := cmd.Run(); err != nil { return err - } + } h.Log().Infof("Outbound connection to EC2 instance metadata service") - defer conn.Close() } return nil -} \ No newline at end of file +}
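Review bot: `if err := cmd.Run(); err != nil { return err }` in `ContactEC2InstanceMetadataServiceFromContainer` treats every non-zero exit as a failed action, and `timeout` exits non-zero whenever it has to stop `nc` after 1s. The action can therefore return an error and skip the `Infof` line even though the outbound connect to 169.254.169.254:80, which is what a detection rule would observe, has already been attempted. The new code also requires `timeout` and `nc` on PATH inside the container image, and a missing binary comes back through the same error path as an unanswered connection. Unless the rule under test needs the connection to originate from `nc` (not visible in this hunk), a bounded standard-library dial keeps the action self-contained: `conn, err := net.DialTimeout("tcp", "169.254.169.254:80", time.Second)` with `defer conn.Close()` after the error check, importing `net` and `time` instead of `os/exec`. If shelling out is kept, a short comment above `exec.Command` should say why and what the action returns when `timeout` expires.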