From 6c5643b8024b10f046b25e9aced5b5cc58da38ec Mon Sep 17 00:00:00 2001
From: h4l0gen
Date: Tue, 19 Mar 2024 19:47:17 +0530
Subject: [PATCH 1/4] adding event on launch network tool on host
Signed-off-by: h4l0gen
---
 events/syscall/launch_network_tool_on_host.go | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 events/syscall/launch_network_tool_on_host.go
diff --git a/events/syscall/launch_network_tool_on_host.go b/events/syscall/launch_network_tool_on_host.go
new file mode 100644
index 00000000..ee64053c
--- /dev/null
+++ b/events/syscall/launch_network_tool_on_host.go
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2024 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package syscall
+
+import (
+ "os/exec"
+
+ "github.com/falcosecurity/event-generator/events"
+)
+
+var _ = events.Register(LaunchSuspiciousNetworkToolOnHost)
+
+func LaunchSuspiciousNetworkToolOnHost(h events.Helper) error {
+
+ cmd := exec.Command("nmap", "-sn", "192.168.1.0/24")
+ h.Log().Infof("Network tool launched in host")
+
+ if err := cmd.Run(); err != nil {
+ return err
+ }
+
+ return nil
+}
\ No newline at end of file
From d4fbe236203660fccde651ccda52fb102a8087e2 Mon Sep 17 00:00:00 2001
From: Kapil Sharma
Date: Thu, 28 Mar 2024 02:31:02 +0530
Subject: [PATCH 2/4] Rename launch_network_tool_on_host.go to launch_suspicious_network_tool_on_host.go
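Review bot: The target on the `cmd := exec.Command("nmap", "-sn", "192.168.1.0/24")` line is a hard-coded LAN subnet, so every run of this action sends real probe packets to whatever sits on that range of the host's network and its runtime depends on how that network answers; the `exec.Command(nmap, "-sn", "192.168.1.0/24")` line in PATCH 4/4 keeps the same argument list. The Falco rule this action is named after presumably fires on the `nmap` process spawn rather than on what is scanned, so a loopback-only target would exercise it without touching the network and with a bounded runtime: `cmd := exec.Command("nmap", "-sn", "127.0.0.1")` (or `exec.CommandContext` with a short `context.WithTimeout` if a hang is a concern). The `h.Log().Infof("Network tool launched in host")` line runs before `cmd.Run()`, so the log claims a launch even when the run fails; moving it after the error check, or rewording it to "launching", would make the log accurate. As a point of style, the trailing `if err := cmd.Run(); err != nil { return err }` followed by `return nil` collapses to `return cmd.Run()`. A comment on the `var _ = events.Register(...)` line naming the rule the action is expected to trigger, e.g. `// Exercises the "Launch Suspicious Network Tool on Host" rule; if that rule excludes containers, this only fires when event-generator runs directly on the host.` would help the next reader.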
Signed-off-by: Kapil Sharma
---
 ...ool_on_host.go => launch_suspicious_network_tool_on_host.go} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename events/syscall/{launch_network_tool_on_host.go => launch_suspicious_network_tool_on_host.go} (99%)
diff --git a/events/syscall/launch_network_tool_on_host.go b/events/syscall/launch_suspicious_network_tool_on_host.go
similarity index 99%
rename from events/syscall/launch_network_tool_on_host.go
rename to events/syscall/launch_suspicious_network_tool_on_host.go
index ee64053c..6da6f0bb 100644
--- a/events/syscall/launch_network_tool_on_host.go
+++ b/events/syscall/launch_suspicious_network_tool_on_host.go
@@ -32,4 +32,4 @@ func LaunchSuspiciousNetworkToolOnHost(h events.Helper) error {
 }
 
 return nil
-}
\ No newline at end of file
+}
From dd5938b4b9feee469bc89ef87c47f91b376d096e Mon Sep 17 00:00:00 2001
From: Kapil Sharma
Date: Thu, 28 Mar 2024 16:38:25 +0530
Subject: [PATCH 3/4] Update launch_suspicious_network_tool_on_host.go
Signed-off-by: Kapil Sharma
---
 events/syscall/launch_suspicious_network_tool_on_host.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/events/syscall/launch_suspicious_network_tool_on_host.go b/events/syscall/launch_suspicious_network_tool_on_host.go
index 6da6f0bb..590c3530 100644
--- a/events/syscall/launch_suspicious_network_tool_on_host.go
+++ b/events/syscall/launch_suspicious_network_tool_on_host.go
@@ -23,7 +23,12 @@ import (
 var _ = events.Register(LaunchSuspiciousNetworkToolOnHost)
 
 func LaunchSuspiciousNetworkToolOnHost(h events.Helper) error {
-
+ nmap, err := exec.LookPath("nmap")
+ if err != nil {
+ h.Log().Warnf("nmap is needed to launch this action")
+ return err
+ }
+
 cmd := exec.Command("nmap", "-sn", "192.168.1.0/24")
 h.Log().Infof("Network tool launched in host")
 
From 5261f388064f2e8199ccd20f4a4c23ba81cf2853 Mon Sep 17 00:00:00 2001
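Review bot: When `exec.LookPath("nmap")` fails, the new lines log a warning and then return the raw lookup error, so a host that simply lacks the optional binary is reported as a failed action rather than a skipped one, and the same condition is reported twice (once in the log, once to the caller). If `events.ErrSkipped` is what other actions in this repository return for an unmet prerequisite — please confirm against a sibling action — `return &events.ErrSkipped{Reason: "nmap utility not found in $PATH"}` would be the consistent choice and the `h.Log().Warnf(...)` line becomes redundant. Note also that `err` introduced by the `:=` on the LookPath line is later shadowed by `if err := cmd.Run(); err != nil` (outside this hunk); harmless as written, but worth knowing if the function grows. The function continues past the end of this hunk.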
From: Kapil Sharma
Date: Thu, 28 Mar 2024 16:53:48 +0530
Subject: [PATCH 4/4] Update events/syscall/launch_suspicious_network_tool_on_host.go
Co-authored-by: Federico Di Pierro
Signed-off-by: Kapil Sharma
---
 events/syscall/launch_suspicious_network_tool_on_host.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/events/syscall/launch_suspicious_network_tool_on_host.go b/events/syscall/launch_suspicious_network_tool_on_host.go
index 590c3530..79f6c891 100644
--- a/events/syscall/launch_suspicious_network_tool_on_host.go
+++ b/events/syscall/launch_suspicious_network_tool_on_host.go
@@ -29,7 +29,7 @@ func LaunchSuspiciousNetworkToolOnHost(h events.Helper) error {
 return err
 }
 
-cmd := exec.Command("nmap", "-sn", "192.168.1.0/24")
+cmd := exec.Command(nmap, "-sn", "192.168.1.0/24")
 h.Log().Infof("Network tool launched in host")
 
 if err := cmd.Run(); err != nil {