Add crypto miner files and DNS

kubescape · Sep 11, 2024 · 464a4c3 · 464a4c3
1 parent a832b4c
commit 464a4c3
Show file tree

Hide file tree

Showing 4 changed files with 1,675 additions and 0 deletions.
diff --git a/pkg/ruleengine/v1/factory.go b/pkg/ruleengine/v1/factory.go
@@ -34,6 +34,7 @@ func NewRuleCreator() *RuleCreatorImpl {
 			R1010SymlinkCreatedOverSensitiveFileRuleDescriptor,
 			R1011LdPreloadHookRuleDescriptor,
 			R1012HardlinkCreatedOverSensitiveFileRuleDescriptor,
+			R1013CryptoMiningFilesAccessRuleDescriptor,
 		},
 	}
 }

diff --git a/pkg/ruleengine/v1/r0001_unexpected_process_launched.go b/pkg/ruleengine/v1/r0001_unexpected_process_launched.go
@@ -76,6 +76,7 @@ func (rule *R0001UnexpectedProcessLaunched) generatePatchCommand(event *tracerex
 }
 
 func (rule *R0001UnexpectedProcessLaunched) ProcessEvent(eventType utils.EventType, event interface{}, objectCache objectcache.ObjectCache) ruleengine.RuleFailure {
+
 	if eventType != utils.ExecveEventType {
 		return nil
 	}
-Original file line number
+Diff line change
@@ Expand Up @@
     }
     func (rule *R0001UnexpectedProcessLaunched) ProcessEvent(eventType utils.EventType, event interface{}, objectCache objectcache.ObjectCache) ruleengine.RuleFailure {
     	if eventType != utils.ExecveEventType {
     		return nil
     	}
@@ Expand Down @@