Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

increase timeout for syscall.DisallowedSSHConnectionNonStandardPort #224

Merged
merged 1 commit into from
Sep 23, 2024
Merged

increase timeout for syscall.DisallowedSSHConnectionNonStandardPort #224

merged 1 commit into from
Sep 23, 2024

Conversation

prezha
Copy link
Contributor

@prezha prezha commented Sep 20, 2024
edited
Loading

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area events

What this PR does / why we need it:

on some systems, the syscall.DisallowedSSHConnectionNonStandardPort event does not trigger due to too short timeout of 1s, so we're increasing it to 5s

Which issue(s) this PR fixes:

Fixes #221

Special notes for your reviewer:

//cc: @leogr i was able to reproduce the issue on lima and arm64 mac, but have not seen it on minikube or "vanilla" ubuntu kvm vm on linux x86/amd64 before: signal: killed comes from the context timeout that was apparently too short in this case

$ falco --version
Fri Sep 20 19:09:58 2024: Falco version: 0.38.2 (aarch64)
Fri Sep 20 19:09:58 2024: Falco initialized with configuration files:
Fri Sep 20 19:09:58 2024:    /etc/falco/falco.yaml
Fri Sep 20 19:09:58 2024: System info: Linux version 6.8.0-41-generic (buildd@bos03-arm64-063) (aarch64-linux-gnu-gcc-13 (Ubuntu 13.2.0-23ubuntu4) 13.2.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #41-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug  2 23:26:06 UTC 2024
Falco version: 0.38.2
Libs version:  0.17.3
Plugin API:    3.6.0
Engine:        0.40.0
Driver:
  API version:    8.0.0
  Schema version: 2.0.0
  Default driver: 7.2.1+driver

$ sudo ./event-generator -l debug test syscall.DisallowedSSH
DEBU running with args: ./event-generator -l debug test syscall.DisallowedSSH
DEBU running without a configuration file
DEBU running with options                          loglevel=debug
INFO sleep for 100ms                               action=syscall.DisallowedSSHConnectionNonStandardPort
DEBU failed to run ssh command (this is expected)  action=syscall.DisallowedSSHConnectionNonStandardPort error="exit status 255"
INFO test passed                                   action=syscall.DisallowedSSHConnectionNonStandardPort rule="Disallowed SSH Connection Non Standard Port" source=syscall

@poiana poiana requested review from alacuku and FedeDP September 20, 2024 18:04
@poiana poiana added the size/XS label Sep 20, 2024
@prezha prezha mentioned this pull request Sep 20, 2024
Closed
leogr
leogr approved these changes Sep 23, 2024
View reviewed changes
Copy link
Member

@leogr leogr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Thank you!

@poiana poiana added the lgtm label Sep 23, 2024
@poiana
Copy link

poiana commented Sep 23, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: leogr, prezha

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana
Copy link

poiana commented Sep 23, 2024

LGTM label has been added.

Git tree hash: fe655897245d9c896ff43944f9a8522a48a9989c

@poiana poiana merged commit f0a403c into falcosecurity:main Sep 23, 2024
4 checks passed
@leogr leogr added this to the v0.12.0 milestone Oct 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leogr leogr leogr approved these changes

@alacuku alacuku Awaiting requested review from alacuku

@FedeDP FedeDP Awaiting requested review from FedeDP

Assignees

@leogr leogr

Labels
approved area/events dco-signoff: yes kind/bug lgtm size/XS
Projects
None yet
Milestone
v0.12.0
Development

Successfully merging this pull request may close these issues.

syscall.DisallowedSSHConnectionNonStandardPort does not trigger
3 participants
@prezha @poiana @leogr