❯ k logs aqua-enforcer-ds-6stjx -n aqua
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
I0314 15:53:01.535072 19700 seagent.cpp:327] Aqua Security 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:53:58
I0314 15:53:01.535235 19700 miscfunc.cpp:930] Agent container id found: 345c815c4586cbe269437ff957d53167c92e771050757696e135d305eb6ab8d1
I0314 15:53:01.535277 19700 seagent.cpp:1151] Container id: 345c815c4586cbe269437ff957d53167c92e771050757696e135d305eb6ab8d1
I0314 15:53:01.535326 19700 seagent.cpp:1162] Installation directory: /var/lib/aquasec
I0314 15:53:01.535378 19700 seagent.cpp:1186] Installation mode: service
I0314 15:53:01.555171 19700 miscfunc.cpp:585] Get local hostIPs count is 3.
I0314 15:53:01.555332 19700 server_unix.cpp:465] utls_net.c:729] Get physical IP, netpath=/host/sys/class/net, filesCount=19, rc=0
I0314 15:53:01.555393 19700 server_unix.cpp:465] utls_net.c:755] Get physical IP, netpath=/host/sys/class/net, ifr_name=eth1 , ip=10.0.5.53
I0314 15:53:01.555466 19700 server_unix.cpp:465] utls_net.c:755] Get physical IP, netpath=/host/sys/class/net, ifr_name=eth2 , ip=10.0.4.146
I0314 15:53:01.555524 19700 server_unix.cpp:465] utls_net.c:755] Get physical IP, netpath=/host/sys/class/net, ifr_name=eth0 , ip=10.0.4.99
I0314 15:53:01.555608 19700 miscfunc.cpp:627] Get physical hostIPs count is 3, inCont=true
I0314 15:53:01.583132 19700 acldb.cpp:1676] Using Repo Images DB version no. 21
I0314 15:53:01.610611 19700 seagent.cpp:10135] Core file pattern 'core '
I0314 15:53:01.610769 19700 seagent.cpp:5437] Host id:
    Host name : ip-10-0-4-99.us-west-2.compute.internal
    Host short name : ip-10-0-4-99
    Host IPs : '10.0.4.99' '10.0.5.53' '10.0.4.146'
    Host physical IP: '10.0.5.53' '10.0.4.146' '10.0.4.99'
    Host MAC : 02-2A-68-E6-14-6D
I0314 15:53:01.610949 19700 seagent.cpp:1221] Host system:
    Pretty name : 'Amazon Linux 2'
    Short name : 'Amazon Linux'
    Id : 'amzn'
    Like : 'centos rhel fedora'
    Version : '2'
    Kernel : '5.10.184-175.731.amzn2.x86_64'
I0314 15:53:01.611199 19700 preloadaux.cpp:1767] Get target fs type found fsname=/dev/nvme0n1p1 dir=/ type=xfs
I0314 15:53:01.611258 19700 preloadaux.cpp:1660] V2. Find target FS dev major=259 minor=1 mnt_type=xfs rc=0 dev_path=/dev/nvme0n1p1
E0314 15:53:01.612144 19700 server_unix.cpp:459] smsg_internal.c:51] Failed to find file '/opt/aquasec/messages/CUSTOM/aquamsg.txt'
I0314 15:53:01.612195 19700 preloadaux.cpp:2050] calling init search dl paths
I0314 15:53:01.612239 19700 preloadaux.cpp:2060] Search libdl in the paths: '/lib' '/lib64' '/lib/x86_64-linux-gnu/' '/lib64/x86_64-linux-gnu/' '/lib/i386-linux-gnu/'
I0314 15:53:01.612267 19700 preloadaux.cpp:2075] Search libc library in the paths: '/lib' '/lib64' '/lib/x86_64-linux-gnu/' '/lib64/x86_64-linux-gnu/' '/lib/i386-linux-gnu/'
I0314 15:53:01.612287 19700 seagent.cpp:872] done calling init search libraries paths
I0314 15:53:01.612370 19700 seagent.cpp:904] Set environment 32 bit support is on
I0314 15:53:01.613792 19700 seagent.cpp:4443] Using node name: ip-10-0-4-99.us-west-2.compute.internal
I0314 15:53:01.613929 19700 seagent.cpp:3181] Risk explorer auto discovery is disabled
I0314 15:53:01.628154 19700 seagent.cpp:4547] Lightning mode is enabled
I0314 15:53:01.630228 19700 seagent.cpp:4638] Enforcer will not verify the peer's certificate, please set AQUA_TLS_VERIFY=true to enable certificate verification
I0314 15:53:01.630334 19700 seagent.cpp:1280] Image service multi registries mode: enabled
I0314 15:53:01.630368 19700 seagent.cpp:1874] Enforcer is running in OPEN mode.
I0314 15:53:01.630393 19700 seagent.cpp:1462] Enforcer is running in 'Network' CLOSE mode.
I0314 15:53:01.636572 19700 seagent.cpp:2442] DiscoverEngineSockets: found process name: kubelet pid: 3167 socket: unix:///run/containerd/containerd.sock
I0314 15:53:01.637166 19700 seagent.cpp:2457] Found engine: containerd socket: 'unix:///run/containerd/containerd.sock'
I0314 15:53:01.637198 19700 seagent.cpp:2342] Assuming containerd environment
I0314 15:53:01.638382 19700 seagent.cpp:1571] Memory pressure is not configured. No Memory Cap is configured.
I0314 15:53:01.639245 19700 udslite.cpp:30] Increasing socket buffer 'SO_RCVBUF' to 524288 bytes
I0314 15:53:01.639276 19700 udslite.cpp:65] Increased 'SO_RCVBUF' to 1048576 bytes
I0314 15:53:01.639298 19700 udslite.cpp:30] Increasing socket buffer 'SO_SNDBUF' to 524288 bytes
I0314 15:53:01.639320 19700 udslite.cpp:65] Increased 'SO_SNDBUF' to 1048576 bytes
I0314 15:53:01.639447 19700 seagent.cpp:2987] Setting CRI runtime endpoint to /run/containerd/containerd.sock
I0314 15:53:01.639479 19700 seagent.cpp:1950] Running on Kubernetes node
I0314 15:53:04.228925 19700 cloudvendor.cpp:394] VM cloud information:
    VM Cloud vendor : AWS
    VM Account : 601017151385
    VM ID : i-0a4d7f09ea4a96414
    VM Image ID : ami-03e2c58d85e0721a5
    VM Location : us-west-2
    VM Private ip(s) : 10.0.4.99
    VM Security group(s) : eksctl-elamaras-conformitron-rover-DONT-DELETE-nodegroup-true-SG-1P4S5B845S4S,eksctl-elamaras-conformitron-rover-DONT-DELETE-cluster-ClusterSharedNodeSecurityGroup-JHHFD77EPKLM
I0314 15:53:12.368902 19700 getbundlepath.cpp:255] Runc bundle prefix path='/run/containerd/io.containerd.runtime.v2.task/k8s.io' bundle suffix path='
I0314 15:53:12.374464 19700 seagent.cpp:5602] Fanotify is supported.
I0314 15:53:12.374945 19700 seagent.cpp:5622] Set runc_interception_mode fanotify.
I0314 15:53:12.457479 21542 seagent.cpp:9791] Run PAM script '/var/lib/aquasec/config_pam_aquasec.sh'
I0314 15:53:12.835772 19700 seagent.cpp:3044] CRI info:
    CRI server version : 1.6.19
    CRI api version : v1
E0314 15:53:14.777091 19700 cndrcmds.cpp:233] Could not notify about workloads contexts update: failed to connect to all addresses
W0314 15:53:14.777390 19700 sedockercmd.cpp:2547] Container workloads have not been notified about their contexts
I0314 15:53:14.777629 19700 seagent.cpp:1851] Secrets feature: enabled
I0314 15:53:14.779449 19700 seagent.cpp:4696] Set environment variable 'SLKD_OSVERSION_ID=amzn
I0314 15:53:14.779528 19700 seagent.cpp:4703] Set environment variable 'SLKD_OSVERSION_NUM=2
I0314 15:53:14.779578 19700 seagent.cpp:4713] Set environment variable 'SLKD_PID=19700
I0314 15:53:14.779639 19700 seagent.cpp:4721] Set environment variable 'SLKD_CONTAINER_ID=345c815c4586cbe269437ff957d53167c92e771050757696e135d305eb6ab8d1
I0314 15:53:14.779662 19700 seagent.cpp:4745] Set environment variable 'SLKD_AV_PROTECTION=true
I0314 15:53:14.779738 19700 seagent.cpp:4784] Set environment variable 'SLKD_RUNTIME_ENGINE=containerd'
I0314 15:53:14.779788 19700 seagent.cpp:4794] Set environment variable 'SLKD_RUNTIME_ENDPOINT=/run/containerd/containerd.sock'
I0314 15:53:14.779855 19700 seagent.cpp:4814] Set environment variable 'SLKD_RUNC_FANOTIFY_INTERCEPTION=true'
I0314 15:53:14.779913 19700 seagent.cpp:4824] Set environment variable 'SLKD_RUNC_BUNDLE_PREFIX=/run/containerd/io.containerd.runtime.v2.task/k8s.io'
I0314 15:53:14.779979 19700 seagent.cpp:4844] Set environment variable 'SLKD_RUNC_PATH=/usr/sbin/runc'
I0314 15:53:14.780025 19700 seagent.cpp:4854] Set environment variable 'SLKD_RUNC_ROOT_PATH=/run/containerd/runc/k8s.io/'
I0314 15:53:14.780073 19700 seagent.cpp:4871] Set environment variable 'SLKD_CONTAINERIZED=true'
I0314 15:53:14.780097 19700 seagent.cpp:4877] Set environment variable 'SLKD_EXEC_CACHE=true'
I0314 15:53:14.780117 19700 seagent.cpp:4883] Set environment variable 'SLKD_INTERCEPTOR_FAILOPEN=false'
I0314 15:53:14.780143 19700 seagent.cpp:4889] Set environment variable 'SLKD_INTERCEPTOR_INTERVAL_FAILOPEN=5'
I0314 15:53:14.780172 19700 seagent.cpp:4903] Set environment variable 'SLKD_CRIAPI_V1=1
I0314 15:53:14.780195 19700 seagent.cpp:4948] Set environment variable 'SLKD_PRIVILEGED=false'
I0314 15:53:14.782287 19700 runcinterceptor.cpp:83] Using fanotify slkinterceptor-lite
I0314 15:53:14.782444 23001 servicemodule.cpp:269] Attempting start slkd-hostproc
I0314 15:53:14.785130 23002 forkmanager.cpp:62] Forked slkhostproc process with id: 23002
[slkhostproc] 2024/03/14 15:53:15 slkhostproc version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkhostproc] 2024/03/14 15:53:15 grpc server socket is : /var/lib/aquasec/audit/slkhostproc.sock
I0314 15:53:15.782598 23018 servicemodule.cpp:269] Attempting start slkd-audit
I0314 15:53:15.784188 23019 forkmanager.cpp:62] Forked slkaudit process with id: 23019
[slkaudit] 2024/03/14 15:53:16 slkaudit version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
I0314 15:53:16.783977 23038 servicemodule.cpp:269] Attempting start slkcndr
I0314 15:53:16.784651 23039 forkmanager.cpp:62] Forked slkcndr process with id: 23039
2024-03-14 15:53:16.808 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:16.810 INFO app/app.go:122 [slkcndr] Using address d0653fe853-gw.cloud.aquasec.com:443
2024-03-14 15:53:16.810 INFO usecase/cloud.go:210 [slkcndr] Connection established with remote server d0653fe853-gw.cloud.aquasec.com:443
2024-03-14 15:53:16.811 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:16.814 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:16.815 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:16.816 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-106
2024-03-14 15:53:16.816 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-38
2024-03-14 15:53:16.816 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-11
2024-03-14 15:53:16.816 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-156
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRH-2
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-143
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-47
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-59
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-62
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-71
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-178
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-183
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-188
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-27
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-64
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-167
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-17
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-185
2024-03-14 15:53:16.817 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-66
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-94
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-13
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-28
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-29
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-78
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-3
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-139
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-173
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-36
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-39
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-1
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-144
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-2
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-24
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-7
2024-03-14 15:53:16.818 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-132
2024-03-14 15:53:16.819 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-140
2024-03-14 15:53:16.819 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-30
2024-03-14 15:53:16.819 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-108
2024-03-14 15:53:16.819 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-15
2024-03-14 15:53:16.819 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-162
2024-03-14 15:53:16.820 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-175
2024-03-14 15:53:16.820 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-51
2024-03-14 15:53:16.820 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-116
2024-03-14 15:53:16.820 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-153
2024-03-14 15:53:16.820 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-157
2024-03-14 15:53:16.820 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-21
2024-03-14 15:53:16.821 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-37
2024-03-14 15:53:16.821 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-57
2024-03-14 15:53:16.821 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-61
2024-03-14 15:53:16.821 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-96
2024-03-14 15:53:16.821 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-9
2024-03-14 15:53:16.821 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-138
2024-03-14 15:53:16.822 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-177
2024-03-14 15:53:16.822 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-114
2024-03-14 15:53:16.822 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-48
2024-03-14 15:53:16.822 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-54
2024-03-14 15:53:16.822 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-58
2024-03-14 15:53:16.822 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-9
2024-03-14 15:53:16.823 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-115
2024-03-14 15:53:16.823 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-134
2024-03-14 15:53:16.823 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-155
2024-03-14 15:53:16.823 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-180
2024-03-14 15:53:16.823 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-191
2024-03-14 15:53:16.823 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-10
2024-03-14 15:53:16.824 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-101
2024-03-14 15:53:16.824 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-166
2024-03-14 15:53:16.824 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-176
2024-03-14 15:53:16.824 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-182
2024-03-14 15:53:16.824 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-34
2024-03-14 15:53:16.824 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-84
2024-03-14 15:53:16.825 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-97
2024-03-14 15:53:16.825 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-154
2024-03-14 15:53:16.825 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-25
2024-03-14 15:53:16.826 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-3
2024-03-14 15:53:16.826 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-83
2024-03-14 15:53:16.826 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-122
2024-03-14 15:53:16.826 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-23
2024-03-14 15:53:16.827 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-80
2024-03-14 15:53:16.827 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-41
2024-03-14 15:53:16.827 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRH-3
2024-03-14 15:53:16.827 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-19
2024-03-14 15:53:16.827 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-26
2024-03-14 15:53:16.828 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-33
2024-03-14 15:53:16.828 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-86
2024-03-14 15:53:16.828 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-89
2024-03-14 15:53:16.828 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-91
2024-03-14 15:53:16.828 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-95
2024-03-14 15:53:16.828 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-112
2024-03-14 15:53:16.828 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-43
2024-03-14 15:53:16.828 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-55
2024-03-14 15:53:16.828 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-60
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-99
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-67
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-2
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-104
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-109
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-76
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-98
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-4
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-127
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-187
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-40
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-88
2024-03-14 15:53:16.829 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-90
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-1
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-35
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-63
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-6
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-123
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-135
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-16
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-163
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-181
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-49
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-74
2024-03-14 15:53:16.830 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-128
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-133
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-169
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-20
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-5
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-6
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-8
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-113
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-14
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-170
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-7
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-146
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-165
2024-03-14 15:53:16.831 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-22
2024-03-14 15:53:16.832 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRH-1
2024-03-14 15:53:16.832 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-107
2024-03-14 15:53:16.832 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-120
2024-03-14 15:53:16.832 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-129
2024-03-14 15:53:16.832 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-137
2024-03-14 15:53:16.832 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-141
2024-03-14 15:53:16.832 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-147
2024-03-14 15:53:16.832 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-45
2024-03-14 15:53:16.832 INFO eventsmanager/eventsmanager.go:227 [slkcndr] [Starting Events Manager...]
2024-03-14 15:53:16.832 INFO db/db.go:28 [slkcndr] Opening database file /data/cndr_events.db
2024-03-14 15:53:16.833 INFO eventsmanager/events.go:92 [slkcndr] [Starting re-sending of events from database...]
2024-03-14 15:53:16.833 INFO workloads/manager.go:138 [slkcndr] [Workloads Manager] Attempting Connection to gRPCServer.
2024-03-14 15:53:16.833 INFO eventsmanager/audits.go:87 [slkcndr] [Starting re-sending of audits from database...]
I0314 15:53:17.784991 19700 runcinterceptor.cpp:53] Behavioral Engine with express mode only is on, therefore module is not activated
[slkaudit] 2024/03/14 15:53:18 Trying to connect to GW via gRPC and address d0653fe853-gw.cloud.aquasec.com:443
I0314 15:53:18.794579 23092 servicemodule.cpp:269] Attempting start slkd-ocicfg
I0314 15:53:18.796622 23093 forkmanager.cpp:62] Forked slkocicfg process with id: 23093
[slkocicfg] 2024/03/14 15:53:19 slkocicfg version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkocicfg] 2024/03/14 15:53:19 CRI API v1 version is supported? true
[slkocicfg] 2024/03/14 15:53:19 Runtime Endpoint socket is : /run/containerd/containerd.sock, engine is: containerd
[slkocicfg] 2024/03/14 15:53:19 containerd version is : 1.6.19
I0314 15:53:19.795820 19700 pkgquerymodule.cpp:71] Behavioral Engine with express mode only is on, therefore module is not activated
I0314 15:53:20.797081 23143 servicemodule.cpp:269] Attempting start slkd-scan
I0314 15:53:20.799367 23144 forkmanager.cpp:62] Forked slkscan process with id: 23144
[slkscan] 2024/03/14 15:53:21 slkscan version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkscan] 2024/03/14 15:53:21 Starting Server....
[slkscan] 2024/03/14 15:53:21 Starting Scan Manager ....
[slkscan] 2024/03/14 15:53:21 Starting Host Assurance Manager ....
[slkscan] 2024/03/14 15:53:21 Intializing scanners ....
[slkscan] 2024/03/14 15:53:21 Intializing scanner ....
[slkscan] 2024/03/14 15:53:21 Intializing scanner ....
[slkscan] 2024/03/14 15:53:21 Intializing scanner ....
[slkscan] 2024/03/14 15:53:21 Intializing scanner ....
[slkscan] 2024/03/14 15:53:21 Intializing scanner ....
I0314 15:53:21.798183 23189 servicemodule.cpp:269] Attempting start HostSecModule
I0314 15:53:21.800621 23190 forkmanager.cpp:62] Forked slkhostsecd process with id: 23190
I0314 15:53:21.869740 23190 procsmap.cpp:182] check system 'CONFIG_PROC_EVENTS' returned 'e'
I0314 15:53:21.873270 23190 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:21.879535 23190 slkhostsecd.cpp:164] fanotify is supported
I0314 15:53:21.879643 23190 filenotify.cpp:255] slkhostsecd is running in container, db path '/var/lib/aquasec/data'
I0314 15:53:21.880240 23190 filenotify.cpp:1665] Package manager detected. path: /var/lib/rpm
I0314 15:53:21.880326 23190 filenotify.cpp:278] Capability CAP_LINUX_IMMUTABLE is not supported, blocked files may be deleted
E0314 15:53:22.015790 23191 cndrcmds.cpp:233] Could not notify about workloads contexts update: failed to connect to all addresses
W0314 15:53:22.016064 23191 sedockercmd.cpp:8363] Workload '__HOST__' has not been notified about its context
I0314 15:53:22.016244 23203 slkhostsecd.cpp:1035] User activity trace enable ok.
E0314 15:53:22.019122 23191 sedockerav.cpp:37] Failed to connect to /opt/aquasec/audit/slkavd.sock, error: Connection refused
I0314 15:53:22.800979 23223 servicemodule.cpp:269] Attempting start Avdmodule
I0314 15:53:22.802088 23224 forkmanager.cpp:62] Forked slkavd process with id: 23224
I0314 15:53:23.008185 23224 slkavd.cpp:170] Set environment variable AQUA_PROXYLITE_USE_MAX_CORES=true
I0314 15:53:23.009155 23224 slkavd.cpp:714] Using scan engine Avira
I0314 15:53:23.018368 23224 aviraengine.cpp:704] SAVAPI version 4.15.16.62
I0314 15:53:23.019742 23224 slkavd.cpp:238] slkavd is running in container, db path '/var/lib/aquasec/data'
I0314 15:53:23.047175 23224 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 3 max:6
I0314 15:53:23.084602 23224 slkavd.cpp:1509] Enabling host antivirus.
I0314 15:53:23.802027 19700 livenessmodule.cpp:64] livenessProbe is enabled
I0314 15:53:23.803928 23406 servicemodule.cpp:269] Attempting start slk-healthz
I0314 15:53:23.812659 23410 forkmanager.cpp:62] Forked slkhealthz process with id: 23410
I0314 15:53:24.803787 19700 definitions.hpp:145] Health probe is supported in this environment
I0314 15:53:24.804220 23424 servicemodule.cpp:269] Attempting start slkd-healthprobe
I0314 15:53:24.806751 23425 forkmanager.cpp:62] Forked health-probe process with id: 23425
I0314 15:53:24.809473 23425 healthprobe.cpp:51] Created health probe config json file '/opt/aquasec/tmp/health/config.json'
I0314 15:53:24.810160 23425 healthconfigloader.cpp:55] No change in health probe configuration - nothing to do
I0314 15:53:24.811528 23425 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:24.826239 23425 enginemanagerimpl.cpp:241] Cron task started.
I0314 15:53:24.826349 23425 modulehealthcontroller.cpp:58] Successfully created channel to slkd-grpcserver.
E2E Sanity Check initiated
I0314 15:53:25.805054 23445 servicemodule.cpp:269] Attempting start slkd-logcollector
I0314 15:53:25.807358 23446 forkmanager.cpp:62] Forked log-collector process with id: 23446
I0314 15:53:25.810014 23446 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:26.806811 19700 netfiltermodule.cpp:48] Behavioral Engine with express mode only is on, therefore module is not activated
[slkhealthz] 2024/03/14 15:53:26 slkhealthz version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkhealthz] 2024/03/14 15:53:26 Health & Readiness monitors start listen to 0.0.0.0:8096
I0314 15:53:27.509012 23224 aviraengine.cpp:374] Successfully merged xVDF files
[slkaudit] 2024/03/14 15:53:28 Successfully connected to gateway via gRPC: AuditV2
I0314 15:53:28.816322 23502 servicemodule.cpp:269] Attempting start slkd-watchdog
I0314 15:53:28.843159 23510 forkmanager.cpp:62] Forked Watchdog process with id: 23510
I0314 15:53:29.809458 23522 servicemodule.cpp:269] Attempting start slkd-workloads-microservice
I0314 15:53:29.812026 23523 forkmanager.cpp:62] Forked slkd-workloads-microservice process with id: 23523
I0314 15:53:29.813213 23523 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:29.822203 23523 workloadsgrpchandler.cpp:50] Workloads audit gRPC server listening at unix:///opt/aquasec/audit/workloadsauditservice.sock
I0314 15:53:29.822513 23523 enginemanagerimpl.cpp:241] Cron task started.
I0314 15:53:29.839095 23523 workloadsmicroservice.cpp:268] Initialized workloads microservice.
I0314 15:53:30.171837 23224 aviraengine.cpp:298] SAVAPI initialized: Version : VDF version 7.18.0.98 AVE version 8.3.66.62 expire date 20240401 Signatures: 1684318
I0314 15:53:30.177213 23224 feedengine.cpp:97] Custom malware feed signatures count 0
I0314 15:53:30.177672 23224 slkavd.cpp:1551] Enabling container antivirus.
I0314 15:53:30.178839 23224 enginemanagerimpl.cpp:241] Cron task started.
I0314 15:53:30.810572 23581 servicemodule.cpp:269] Attempting start slkd-secrets-vault
I0314 15:53:30.812515 23582 forkmanager.cpp:62] Forked slkd-secrets-vault process with id: 23582
I0314 15:53:30.814996 23582 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:30.829910 23582 enginemanagerimpl.cpp:241] Cron task started.
I0314 15:53:30.830161 23582 secretsvaultmicroservice.cpp:78] Initialized secrets vault microservice.
I0314 15:53:31.816632 23618 servicemodule.cpp:269] Attempting start slkd-grpcserver
I0314 15:53:31.821269 23619 forkmanager.cpp:62] Forked GRPCServer process with id: 23619
I0314 15:53:31.830019 23619 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:31.934139 23630 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
I0314 15:53:31.943595 23619 enginemanagerimpl.cpp:241] Cron task started.
I0314 15:53:31.979547 23619 grpcserver.cpp:309] Server listening on unix:///opt/aquasec/audit/slkgrpc.sock
I0314 15:53:33.818961 23675 servicemodule.cpp:269] Attempting start slkd-events
I0314 15:53:33.822057 23676 forkmanager.cpp:62] Forked ContainerdEvtClient process with id: 23676
I0314 15:53:33.829560 23676 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:33.861055 23687 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
2024-03-14 15:53:33.986 INFO workloads/manager.go:145 [slkcndr] [Workloads Manager] Successfully connected to gRPCServer.
2024-03-14 15:53:33.986 INFO workloads/manager.go:153 [slkcndr] [Workloads Manager] Starting in 'VM & Containers' protection mode
2024-03-14 15:53:33.987 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:34.007 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:34.049 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:34.051 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:34.053 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:34.071 INFO usecase/usecase.go:125 [slkcndr] perf buffer size set to 1024
I0314 15:53:34.814632 23700 servicemodule.cpp:269] Attempting start slkd-events
I0314 15:53:34.818822 23701 forkmanager.cpp:62] Forked CriEvtClient process with id: 23701
I0314 15:53:34.821441 23701 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:34.847980 23712 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
2024-03-14 15:53:35.845 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:35.858 INFO enforcersettings/enforcersettings.go:127 [slkcndr] CNDR Telemetry is enabled
2024-03-14 15:53:35.858 INFO enforcersettings/enforcersettings.go:127 [slkcndr] Enforce Mode is enabled
2024-03-14 15:53:35.892 INFO usecase/usecase.go:261 [slkcndr] Waiting for the signature to be loaded into Tracee rules engine...
2024-03-14 15:53:35.893 INFO usecase/usecase.go:263 [slkcndr] Signatures are loaded successfully into Tracee rules engine. Starting Tracee eBPF engine...
I0314 15:53:37.820712 19700 pkgwatcher.cpp:146] Behavioral Engine with express mode only is on, therefore module is not activated
I0314 15:53:38.822718 23818 servicemodule.cpp:269] Attempting start slkd-scheduler
I0314 15:53:38.825201 23819 forkmanager.cpp:62] Forked slkd-scheduler process with id: 23819
I0314 15:53:38.827716 23819 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:38.852120 23830 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
I0314 15:53:39.822885 19700 server_unix.cpp:115] /opt/aquasec/slkd started in container
I0314 15:53:43.829391 23956 gwclientmodule.cpp:357] Started GW client process 23956
I0314 15:53:43.836094 23956 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:6
I0314 15:53:43.848510 23956 proxyserver.cpp:37] Server listenning on unix:///opt/aquasec/audit/proxyserver.sock
I0314 15:53:43.848695 23956 cmdhandler.cpp:144] Eagle monitor enabled=false
I0314 15:53:43.858855 23971 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
I0314 15:53:43.875932 23956 grpcchannel.cpp:1238] Timeout for authentication request will range between 300 and 600 seconds
I0314 15:53:43.876089 23956 grpcchannel.cpp:1241] Interval between authentication requests will range between 10 and 20 seconds
I0314 15:53:43.875960 23978 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
I0314 15:53:43.877354 23956 grpcchannel.cpp:1026] Initiating a secure connection to a GW on address: 'd0653fe853-gw.cloud.aquasec.com:443' (timeout: 20 seconds)
I0314 15:53:44.268934 23956 grpcchannel.cpp:1035] Established a secure channel to GW 'd0653fe853-gw.cloud.aquasec.com:443'
I0314 15:53:44.269196 23956 grpcchannel.cpp:609] Enforcer is reopening push notification channel
I0314 15:53:44.275780 23956 grpcchannel.cpp:797] Enforcer is authenticating with Gateway (timeout: 307 seconds)
I0314 15:53:44.366390 23956 gwgrpcclient.cpp:375] Successfully registered in GW aqua-gateway-csp-8569b966f4-6xlm5_gateway (2402.8.22)
I0314 15:53:44.368132 23956 gwgrpcclient.cpp:391] Using protocol version 1.3
I0314 15:53:44.369194 23956 gwgrpcclient.cpp:400] Workloads full sync is required
I0314 15:53:44.372582 23956 grpcchannel.cpp:628] Successfully established a secure channel to Gateway 'd0653fe853-gw.cloud.aquasec.com:443'
I0314 15:53:44.372798 23956 imageservice.cpp:44] Enabled multiple registries mode
I0314 15:53:44.372844 23956 readiness.cpp:21] readinessProbe is enabled
I0314 15:53:44.373262 23956 gwclientgrpchandler.cpp:38] GwClient gRPC handle listening at unix:///opt/aquasec/audit/gwclientgrpchandler.sock
I0314 15:53:44.378203 23956 gwgrpcclient.cpp:624] Sending registration info (host.connect)
I0314 15:53:44.378542 23956 gwgrpcclient.cpp:629] New GW Client Session ID: 1
I0314 15:53:44.682173 23961 cmdhandler.cpp:1326] Got GW command : 'host.sync.messages'
I0314 15:53:44.688555 23961 cmdhandler.cpp:1326] Got GW command : 'host.sync.global.settings'
I0314 15:53:44.835116 23524 workloadsmicroservice.cpp:486] Workloads Microservice succesfully connected
I0314 15:53:44.835227 23524 workloadsmicroservice.cpp:543] Triggered connection monitor for workloads microservice.
I0314 15:53:44.920766 23978 asynchostimagelist.cpp:148] Synced Host Images with the GW.
I0314 15:53:44.921663 23978 acldb_image.cpp:458] Enforcer cleaned up Repo Images table successfully
I0314 15:53:47.191834 23961 sedockercmd.cpp:6076] SeAgent::SetLightningMode: enable = true
I0314 15:53:47.201387 23961 cmdhandler.cpp:1326] Got GW command : 'host.sync.policies'
I0314 15:53:47.626021 23961 cmdhandler.cpp:4124] Send netfilter update_end
I0314 15:53:47.638365 23961 cmdhandler.cpp:1326] Got GW command : 'analyzer.scan'
I0314 15:53:47.638602 23961 cmdhandler.cpp:1326] Got GW command : 'host.malware.scan'
[slkscan] 2024/03/14 15:53:47 Starting host scan
I0314 15:53:47.642231 23961 connectionmonitorservice.cpp:31] Registering a new monitoring event
I0314 15:53:47.646724 23961 cmdhandler.cpp:1326] Got GW command : 'cndr.config'
2024-03-14 15:53:47.651 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:47.653 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:47.660 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:47.664 INFO usecase/configmgr.go:66 [slkcndr] [Signatures Settings: TRC-102:disable TRC-111:disable TRC-133:dry TRC-82:disable TRC-47:wet TRC-62:wet TRC-63:wet TRC-12:disable TRC-163:dry TRC-191:wet TRC-38:wet TRC-279:wet TRC-78:wet TRC-90:wet TRC-162:dry TRC-176:dry TRC-181:wet TRC-188:dry TRC-35:dry TRC-40:wet ART-3:wet TRC-134:dry TRC-26:dry TRC-27:wet TRC-104:wet TRC-151:disable TRC-48:wet TRC-114:wet TRC-132:dry TRC-10:wet TRC-183:dry TRC-67:wet TRC-91:dry TRC-150:disable TRC-80:wet TRC-112:wet TRC-117:dry TRC-14:wet TRC-142: TRC-115:dry TRC-39:dry TRC-41:wet ART-4:wet TRC-19:dry TRC-54:dry TRC-95:wet ART-9:wet TRC-145:disable TRC-198:disable TRC-76:wet TRC-140:wet TRC-184:disable TRC-20:dry TRC-8:disable ART-8:wet TRC-177:wet TRC-179:disable TRC-34:wet TRC-197:disable TRC-74:wet TRC-101:dry TRC-116:dry TRC-147:wet TRC-168:disable ART-1:wet TRC-153:wet TRC-61:wet TRC-64:wet TRH-2:dry TRC-11:wet TRC-182:dry TRC-45:wet TRC-49:wet TRH-1:dry TRC-137:wet TRC-165:wet TRC-24:wet TRC-33:wet TRC-59:wet TRC-66:wet TRC-84:wet TRC-29:wet TRC-60:dry TRC-83:wet TRC-121:disable TRC-139:dry TRC-148:disable TRC-22:wet TRC-154:wet TRC-5:dry TRC-110:disable TRC-122:dry TRC-135:dry TRC-15:dry TRC-166:dry TRC-28:dry TRC-3:wet TRC-89:wet ART-2:wet TRC-131:disable TRC-136:dry TRC-146:wet TRC-138:wet TRC-180:wet TRC-42:disable ART-6:wet TRC-108:dry TRC-109:dry TRC-124:dry TRC-36:wet TRC-51:wet TRC-7:dry TRH-3:dry TRC-106:wet TRC-13:wet TRC-17:wet TRC-170:dry TRC-6:wet TRC-94:dry TRC-128:dry TRC-141:wet TRC-187:dry TRC-2:wet TRC-120:dry TRC-21:dry TRC-278:wet TRC-96:wet TRC-57:wet TRC-144:wet TRC-155:wet TRC-18: TRC-185:wet TRC-58:wet TRC-98:dry TRC-127:wet TRC-16:dry TRC-43:wet TRC-55:dry TRC-169:dry TRC-175:dry TRC-23:wet TRC-30:dry TRC-1:dry TRC-113:wet TRC-123:wet TRC-156:wet TRC-4:disable TRC-71:wet TRC-99:dry TRC-97:dry ART-7:wet TRC-105: TRC-25:wet TRC-9:wet TRC-129:wet TRC-149:disable TRC-86:wet TRC-103:disable TRC-107:dry TRC-118:disable TRC-119:disable TRC-173:wet TRC-178:dry TRC-100: TRC-130:disable TRC-143:wet TRC-157:wet TRC-167:wet TRC-37:wet TRC-88:wet ]
[slkscan] 2024/03/14 15:53:47 Scan command args: [--root / --host --packages --outfile /var/lib/aquasec/tmp/analyzer_hlgTTNwv.json --exclude-paths /var/lib/containers;/run/containerd;/var/run/containers;/var/lib/docker;/var/lib/containerd;/sysroot/ostree/deploy/rhcos//var/lib/containers;/sysroot/ostree/deploy/rhcos//run/containerd;/sysroot/ostree/deploy/rhcos//var/run/containers;/sysroot/ostree/deploy/rhcos//var/lib/docker;/sysroot/ostree/deploy/rhcos//var/lib/containerd;/var/lib/nfs/rpc_pipefs]
I0314 15:53:47.671836 23961 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets'
I0314 15:53:47.671727 23991 ondemandscan.cpp:328] Start malware filesystem scan policy Default
I0314 15:53:47.672652 23961 cmdhandler.cpp:1326] Got GW command : 'host.sync.malwareupdate'
I0314 15:53:47.675740 23961 cmdhandler.cpp:1326] Got GW command : 'host.sync.settings'
I0314 15:53:47.679216 23992 ondemandscan.cpp:328] Start malware filesystem scan policy Malware-Default-Policy
2024-03-14 15:53:47.679 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:47.681 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:47.683 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 15:53:47.684 INFO usecase/configmgr.go:66 [slkcndr] [Signatures Settings: TRC-76:wet TRC-96:wet TRC-141:wet TRC-49:wet TRC-71:wet TRC-198:disable ART-7:wet TRC-10:wet TRC-112:wet TRC-97:dry TRC-139:dry TRC-43:wet TRC-47:wet TRC-66:wet TRC-91:dry TRH-1:dry TRC-143:wet TRC-150:disable TRC-187:dry TRC-18: TRC-99:dry TRC-33:wet TRC-40:wet TRC-86:wet TRC-64:wet TRC-101:dry TRC-108:dry TRC-167:wet TRC-111:disable TRC-122:dry TRH-2:dry TRC-26:dry TRC-7:dry TRC-90:wet TRC-105: TRC-124:dry TRC-169:dry TRC-8:disable TRC-89:wet ART-9:wet TRC-15:dry TRC-156:wet TRC-20:dry TRH-3:dry TRC-106:wet TRC-113:wet TRC-129:wet TRC-146:wet TRC-155:wet ART-4:wet ART-8:wet TRC-107:dry TRC-19:dry TRC-39:dry TRC-5:dry TRC-74:wet ART-6:wet TRC-134:dry TRC-147:wet TRC-166:dry TRC-25:wet TRC-45:wet TRC-61:wet TRC-83:wet TRC-1:dry TRC-135:dry TRC-144:wet TRC-279:wet TRC-41:wet TRC-123:wet TRC-136:dry TRC-24:wet TRC-191:wet TRC-55:dry ART-3:wet TRC-127:wet TRC-13:wet TRC-14:wet TRC-185:wet TRC-35:dry TRC-95:wet TRC-98:dry TRC-102:disable TRC-104:wet TRC-137:wet TRC-170:dry TRC-178:dry TRC-181:wet TRC-2:wet TRC-29:wet TRC-115:dry TRC-118:disable TRC-165:wet TRC-94:dry TRC-30:dry TRC-62:wet TRC-80:wet TRC-173:wet TRC-182:dry TRC-51:wet TRC-57:wet TRC-6:wet TRC-109:dry TRC-116:dry TRC-12:disable TRC-78:wet TRC-17:wet TRC-278:wet TRC-60:dry ART-2:wet TRC-153:wet TRC-154:wet TRC-197:disable TRC-22:wet TRC-28:dry TRC-54:dry TRC-114:wet TRC-119:disable TRC-130:disable TRC-16:dry TRC-88:wet TRC-117:dry TRC-128:dry TRC-151:disable TRC-188:dry TRC-34:wet TRC-58:wet TRC-59:wet TRC-82:disable TRC-110:disable TRC-140:wet TRC-149:disable TRC-9:wet TRC-84:wet TRC-132:dry TRC-27:wet TRC-36:wet TRC-4:disable ART-1:wet TRC-121:disable TRC-3:wet TRC-42:disable TRC-120:dry TRC-138:wet TRC-184:disable TRC-11:wet TRC-176:dry TRC-38:wet TRC-142: TRC-177:wet TRC-37:wet TRC-100: TRC-103:disable TRC-131:disable TRC-21:dry TRC-23:wet TRC-63:wet TRC-67:wet TRC-157:wet TRC-162:dry TRC-180:wet TRC-168:disable TRC-175:dry TRC-133:dry TRC-145:disable TRC-163:dry TRC-48:wet TRC-148:disable TRC-179:disable TRC-183:dry ]
I0314 15:53:47.686729 23961 sedockercmd.cpp:6453] Host forensics is disabled
I0314 15:53:47.701951 23961 sedockercmd.cpp:6520] Container forensics is disabled
2024-03-14 15:53:47.707 INFO enforcersettings/enforcersettings.go:105 [slkcndr] Reloading Enforce Mode setting...
2024-03-14 15:53:47.708 INFO enforcersettings/enforcersettings.go:127 [slkcndr] Enforce Mode is enabled
I0314 15:53:47.709092 23961 cmdhandler.cpp:1326] Got GW command : 'host.sync.global.settings'
I0314 15:53:50.781662 23961 sedockercmd.cpp:6076] SeAgent::SetLightningMode: enable = true
I0314 15:53:50.783634 23961 cmdhandler.cpp:1326] Got GW command : 'network.ipblacklist.start'
I0314 15:53:50.790246 23961 cmdhandler.cpp:1326] Got GW command : 'network.ipblacklist'
I0314 15:53:50.821903 23961 cmdhandler.cpp:1326] Got GW command : 'network.ipblacklist'
I0314 15:53:50.828840 23961 cmdhandler.cpp:1326] Got GW command : 'network.ipblacklist.end'
2024-03-14 15:53:50.830 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
E0314 15:53:50.834942 23583 gw_client.clientservice.proxylite.pb.cc:506] Timeout exceeded for rpc: (call id 1 procedure id 2) Service name GwClient
E0314 15:53:50.835134 23583 secretsvaultmicroservice.cpp:208] Failed to get secrets from GWClient
I0314 15:53:50.852263 23961 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist.start'
I0314 15:53:50.865371 23961 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist'
I0314 15:53:50.899588 23961 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist'
I0314 15:53:50.931432 23961 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist'
I0314 15:53:50.934284 23961 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist.end'
2024-03-14 15:53:50.935 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
I0314 15:53:50.970903 23961 cmdhandler.cpp:1326] Got GW command : 'network.cryptoblacklist.start'
I0314 15:53:50.974460 23961 cmdhandler.cpp:1326] Got GW command : 'network.cryptoblacklist'
I0314 15:53:50.993806 23961 cmdhandler.cpp:1326] Got GW command : 'network.cryptoblacklist.end'
2024-03-14 15:53:50.994 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
E0314 15:53:51.006897 23588 rpcclientparser.proxylite.pb.cc:429] Not found call id 1
E0314 15:53:51.007018 23588 rpcclientconnectionimpl.cpp:401] Failed handle client rpc
I0314 15:53:51.007771 23961 cmdhandler.cpp:1326] Got GW command : 'litesync.update.cache'
I0314 15:53:51.017045 23525 workloadsmicroservice.cpp:893] Syncing Workloads Microservice (full sync is required).
I0314 15:53:51.017649 23961 asyncgethostimagesrecord.cpp:233] Lite Sync Finished. Synced: 140 images.
I0314 15:53:51.078912 23961 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets'
[slkaudit] 2024/03/14 15:53:53 Trying to connect to GW via gRPC and address d0653fe853-gw.cloud.aquasec.com:443