Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
I0314 16:09:02.225827 804891 seagent.cpp:327] Aqua Security 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:53:58
I0314 16:09:02.226020 804891 miscfunc.cpp:911] Agent container id not found.
I0314 16:09:02.226121 804891 miscfunc.cpp:915] Call GetContainerIdV2 to find agent container id.
I0314 16:09:02.226378 804891 miscfunc.cpp:930] Agent container id found: 11d827f022832a504c54d9cb13830b24ce5f36b8dca63e0b498502187a051902
I0314 16:09:02.226433 804891 seagent.cpp:1151] Container id: 11d827f022832a504c54d9cb13830b24ce5f36b8dca63e0b498502187a051902
I0314 16:09:02.226485 804891 seagent.cpp:1162] Installation directory: /var/lib/aquasec
I0314 16:09:02.226577 804891 seagent.cpp:1186] Installation mode: service
I0314 16:09:02.238535 804891 miscfunc.cpp:585] Get local hostIPs count is 2.
I0314 16:09:02.238833 804891 server_unix.cpp:465] utls_net.c:729] Get physical IP, netpath=/host/sys/class/net, filesCount=31, rc=0
I0314 16:09:02.239056 804891 server_unix.cpp:465] utls_net.c:755] Get physical IP, netpath=/host/sys/class/net, ifr_name=eth0 , ip=10.2.32.28
I0314 16:09:02.239594 804891 miscfunc.cpp:627] Get physical hostIPs count is 1, inCont=true
I0314 16:09:02.251744 804891 acldb.cpp:1676] Using Repo Images DB version no. 21
I0314 16:09:02.312654 804891 seagent.cpp:10135] Core file pattern 'core '
I0314 16:09:02.313230 804891 seagent.cpp:5437] Host id:
    Host name : eksa-vsphere-conformitron-md-0-27ftg-b5h69
    Host short name : eksa-vsphere-conformitron-md-0-27ftg-b5h69
    Host IPs : '10.2.32.28' '192.168.4.11'
    Host physical IP: '10.2.32.28'
    Host MAC : 00-50-56-BD-65-29
I0314 16:09:02.314553 804891 seagent.cpp:1221] Host system:
    Pretty name : 'Bottlerocket OS 1.15.1 (vmware-k8s-1.28)'
    Short name : 'Bottlerocket'
    Id : 'bottlerocket'
    Like : ''
    Version : '1.15.1'
    Kernel : '6.1.49'
I0314 16:09:02.316376 804891 preloadaux.cpp:1767] Get target fs type found fsname=/dev/nvme0n1p13 dir=/local type=xfs
I0314 16:09:02.316592 804891 preloadaux.cpp:1660] V2. Find target FS dev major=259 minor=13 mnt_type=xfs rc=0 dev_path=/dev/nvme0n1p13
E0314 16:09:02.322933 804891 server_unix.cpp:459] smsg_internal.c:51] Failed to find file '/opt/aquasec/messages/CUSTOM/aquamsg.txt'
I0314 16:09:02.323036 804891 preloadaux.cpp:2050] calling init search dl paths
I0314 16:09:02.323100 804891 preloadaux.cpp:2060] Search libdl in the paths: '/lib' '/lib64' '/lib/x86_64-linux-gnu/' '/lib64/x86_64-linux-gnu/' '/lib/i386-linux-gnu/'
I0314 16:09:02.323159 804891 preloadaux.cpp:2075] Search libc library in the paths: '/lib' '/lib64' '/lib/x86_64-linux-gnu/' '/lib64/x86_64-linux-gnu/' '/lib/i386-linux-gnu/'
I0314 16:09:02.323217 804891 seagent.cpp:872] done calling init search libraries paths
I0314 16:09:02.323374 804891 seagent.cpp:904] Set environment 32 bit support is on
I0314 16:09:02.329048 804891 seagent.cpp:4443] Using node name: eksa-vsphere-conformitron-md-0-27ftg-b5h69
I0314 16:09:02.329267 804891 seagent.cpp:3181] Risk explorer auto discovery is disabled
I0314 16:09:02.342589 804891 seagent.cpp:4547] Lightning mode is enabled
I0314 16:09:02.348057 804891 seagent.cpp:4638] Enforcer will not verify the peer's certificate, please set AQUA_TLS_VERIFY=true to enable certificate verification
I0314 16:09:02.349089 804891 seagent.cpp:1280] Image service multi registries mode: enabled
I0314 16:09:02.349690 804891 seagent.cpp:1874] Enforcer is running in OPEN mode.
I0314 16:09:02.349879 804891 seagent.cpp:1462] Enforcer is running in 'Network' CLOSE mode.
I0314 16:09:02.377914 804891 seagent.cpp:2442] DiscoverEngineSockets: found process name: kubelet pid: 6246 socket: unix:///run/containerd/containerd.sock
I0314 16:09:02.381009 804891 seagent.cpp:2457] Found engine: containerd socket: 'unix:///run/containerd/containerd.sock'
I0314 16:09:02.381191 804891 seagent.cpp:2342] Assuming containerd environment
I0314 16:09:02.441895 804891 seagent.cpp:1571] Memory pressure is not configured. No Memory Cap is configured.
I0314 16:09:02.443964 804891 udslite.cpp:30] Increasing socket buffer 'SO_RCVBUF' to 524288 bytes
I0314 16:09:02.444039 804891 udslite.cpp:65] Increased 'SO_RCVBUF' to 1048576 bytes
I0314 16:09:02.444093 804891 udslite.cpp:30] Increasing socket buffer 'SO_SNDBUF' to 524288 bytes
I0314 16:09:02.444155 804891 udslite.cpp:65] Increased 'SO_SNDBUF' to 1048576 bytes
I0314 16:09:02.444468 804891 seagent.cpp:2987] Setting CRI runtime endpoint to /run/containerd/containerd.sock
I0314 16:09:02.444540 804891 seagent.cpp:1950] Running on Kubernetes node
E0314 16:09:02.448541 808976 db.cpp:130] Failed to open db '/data/acl.db', native error: unable to open database file
E0314 16:09:02.448765 808976 db.cpp:130] Failed to open db '/data/cache.db', native error: unable to open database file
E0314 16:09:02.448931 808976 db.cpp:130] Failed to open db '/data/aud.db', native error: unable to open database file
E0314 16:09:02.449090 808976 db.cpp:130] Failed to open db '/data/alert.db', native error: unable to open database file
E0314 16:09:02.449227 808976 db.cpp:130] Failed to open db '/data/profile.db', native error: unable to open database file
E0314 16:09:02.449374 808976 db.cpp:130] Failed to open db '/data/cndr_events.db', native error: unable to open database file
I0314 16:09:03.350193 804891 cloudvendor.cpp:394] VM cloud information:
    VM Cloud vendor : VMware Cloud
I0314 16:09:11.888720 804891 getbundlepath.cpp:255] Runc bundle prefix path='/run/containerd/io.containerd.runtime.v2.task/k8s.io' bundle suffix path='
E0314 16:09:11.889741 804891 seagent.cpp:9905] Boot config file 'config-6.1.49' not found in '/boot' '/usr/boot'
I0314 16:09:11.890075 804891 seagent.cpp:9966] Check fanotify perm, set FAN_OPEN_PERM for file '/tmp/check_fan_MeCpGO', error: Permission denied
E0314 16:09:11.890231 804891 seagent.cpp:5598] Fanotify is not supported, using runc ptrace interception
I0314 16:09:11.940794 804891 seagent.cpp:3044] CRI info:
    CRI server version : 1.6.23+bottlerocket
    CRI api version : v1
E0314 16:09:16.963363 804891 cndrcmds.cpp:233] Could not notify about workloads contexts update: failed to connect to all addresses
W0314 16:09:16.966156 804891 sedockercmd.cpp:2547] Container workloads have not been notified about their contexts
I0314 16:09:16.972007 804891 seagent.cpp:1851] Secrets feature: enabled
I0314 16:09:16.973143 804891 seagent.cpp:4696] Set environment variable 'SLKD_OSVERSION_ID=bottlerocket
I0314 16:09:16.973346 804891 seagent.cpp:4703] Set environment variable 'SLKD_OSVERSION_NUM=1.15.1
I0314 16:09:16.973505 804891 seagent.cpp:4713] Set environment variable 'SLKD_PID=804891
I0314 16:09:16.973675 804891 seagent.cpp:4721] Set environment variable 'SLKD_CONTAINER_ID=11d827f022832a504c54d9cb13830b24ce5f36b8dca63e0b498502187a051902
I0314 16:09:16.973829 804891 seagent.cpp:4745] Set environment variable 'SLKD_AV_PROTECTION=true
I0314 16:09:16.974119 804891 seagent.cpp:4784] Set environment variable 'SLKD_RUNTIME_ENGINE=containerd'
I0314 16:09:16.974328 804891 seagent.cpp:4794] Set environment variable 'SLKD_RUNTIME_ENDPOINT=/run/containerd/containerd.sock'
I0314 16:09:16.974565 804891 seagent.cpp:4824] Set environment variable 'SLKD_RUNC_BUNDLE_PREFIX=/run/containerd/io.containerd.runtime.v2.task/k8s.io'
I0314 16:09:16.974804 804891 seagent.cpp:4871] Set environment variable 'SLKD_CONTAINERIZED=true'
I0314 16:09:16.975453 804891 seagent.cpp:4877] Set environment variable 'SLKD_EXEC_CACHE=true'
I0314 16:09:16.975608 804891 seagent.cpp:4883] Set environment variable 'SLKD_INTERCEPTOR_FAILOPEN=false'
I0314 16:09:16.975775 804891 seagent.cpp:4889] Set environment variable 'SLKD_INTERCEPTOR_INTERVAL_FAILOPEN=5'
I0314 16:09:16.975987 804891 seagent.cpp:4903] Set environment variable 'SLKD_CRIAPI_V1=1
I0314 16:09:16.976244 804891 seagent.cpp:4948] Set environment variable 'SLKD_PRIVILEGED=false'
I0314 16:09:16.979095 804891 runcinterceptor.cpp:102] Using trace slkinterceptor-lite
I0314 16:09:16.979526 813094 servicemodule.cpp:269] Attempting start slkd-hostproc
I0314 16:09:16.983223 813095 forkmanager.cpp:62] Forked slkhostproc process with id: 813095
[slkhostproc] 2024/03/14 16:09:16 slkhostproc version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkhostproc] 2024/03/14 16:09:16 grpc server socket is : /var/lib/aquasec/audit/slkhostproc.sock
I0314 16:09:17.979866 813317 servicemodule.cpp:269] Attempting start slkd-audit
I0314 16:09:17.983781 813318 forkmanager.cpp:62] Forked slkaudit process with id: 813318
[slkaudit] 2024/03/14 16:09:18 slkaudit version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
I0314 16:09:19.031008 813571 servicemodule.cpp:269] Attempting start slkcndr
I0314 16:09:19.033217 813572 forkmanager.cpp:62] Forked slkcndr process with id: 813572
2024-03-14 16:09:19.173 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 16:09:19.180 INFO app/app.go:122 [slkcndr] Using address d0653fe853-gw.cloud.aquasec.com:443
2024-03-14 16:09:19.183 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 16:09:19.182 INFO usecase/cloud.go:210 [slkcndr] Connection established with remote server d0653fe853-gw.cloud.aquasec.com:443
2024-03-14 16:09:19.194 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 16:09:19.197 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 16:09:19.228 INFO eventsmanager/eventsmanager.go:227 [slkcndr] [Starting Events Manager...]
2024-03-14 16:09:19.228 INFO db/db.go:28 [slkcndr] Opening database file /data/cndr_events.db
2024-03-14 16:09:19.232 INFO eventsmanager/audits.go:87 [slkcndr] [Starting re-sending of audits from database...]
2024-03-14 16:09:19.232 INFO eventsmanager/events.go:92 [slkcndr] [Starting re-sending of events from database...]
2024-03-14 16:09:19.232 INFO workloads/manager.go:138 [slkcndr] [Workloads Manager] Attempting Connection to gRPCServer.
I0314 16:09:20.031702 804891 runcinterceptor.cpp:53] Behavioral Engine with express mode only is on, therefore module is not activated
[slkaudit] 2024/03/14 16:09:20 Trying to connect to GW via gRPC and address d0653fe853-gw.cloud.aquasec.com:443
I0314 16:09:21.032793 814018 servicemodule.cpp:269] Attempting start slkd-ocicfg
I0314 16:09:21.036396 814022 forkmanager.cpp:62] Forked slkocicfg process with id: 814022
[slkocicfg] 2024/03/14 16:09:21 slkocicfg version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkocicfg] 2024/03/14 16:09:21 CRI API v1 version is supported? true
[slkocicfg] 2024/03/14 16:09:21 Runtime Endpoint socket is : /run/containerd/containerd.sock, engine is: containerd
[slkocicfg] 2024/03/14 16:09:21 containerd version is : 1.6.23+bottlerocket
I0314 16:09:22.034058 804891 pkgquerymodule.cpp:71] Behavioral Engine with express mode only is on, therefore module is not activated
I0314 16:09:23.035600 814459 servicemodule.cpp:269] Attempting start slkd-scan
I0314 16:09:23.039781 814460 forkmanager.cpp:62] Forked slkscan process with id: 814460
[slkscan] 2024/03/14 16:09:23 slkscan version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkscan] 2024/03/14 16:09:23 Starting Server....
[slkscan] 2024/03/14 16:09:23 Starting Scan Manager ....
[slkscan] 2024/03/14 16:09:23 Starting Host Assurance Manager ....
[slkscan] 2024/03/14 16:09:23 Intializing scanners ....
[slkscan] 2024/03/14 16:09:23 Intializing scanner ....
[slkscan] 2024/03/14 16:09:23 Intializing scanner ....
[slkscan] 2024/03/14 16:09:23 Intializing scanner ....
[slkscan] 2024/03/14 16:09:23 Intializing scanner ....
[slkscan] 2024/03/14 16:09:23 Intializing scanner ....
I0314 16:09:24.121027 814622 servicemodule.cpp:269] Attempting start HostSecModule
I0314 16:09:24.125006 814623 forkmanager.cpp:62] Forked slkhostsecd process with id: 814623
I0314 16:09:24.200188 814623 procsmap.cpp:182] check system 'CONFIG_PROC_EVENTS' returned 'y'
E0314 16:09:24.201704 814645 loginnotifier.cpp:199] File '/var/log/wtmp' not found
E0314 16:09:24.202205 814646 loginnotifier.cpp:380] File '/var/log/btmp' not found
I0314 16:09:24.204421 814623 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
E0314 16:09:24.210544 814623 filenotify.cpp:164] Boot config file 'config-6.1.49' not found in '/boot' '/usr/boot'
W0314 16:09:24.210851 814623 filenotify.cpp:221] Failed to set FAN_OPEN_PERM for file '/tmp/check_fan_fMhKKM', error: Permission denied
I0314 16:09:24.211037 814623 slkhostsecd.cpp:164] fanotify is supported
I0314 16:09:24.211107 814623 filenotify.cpp:255] slkhostsecd is running in container, db path '/var/lib/aquasec/data'
E0314 16:09:24.211287 814623 filenotify.cpp:1671] Failed to determined package manager type in host. package block feature will be disabled.
I0314 16:09:24.211400 814623 filenotify.cpp:278] Capability CAP_LINUX_IMMUTABLE is not supported, blocked files may be deleted
E0314 16:09:24.344815 814624 cndrcmds.cpp:233] Could not notify about workloads contexts update: failed to connect to all addresses
W0314 16:09:24.345139 814624 sedockercmd.cpp:8363] Workload '__HOST__' has not been notified about its context
I0314 16:09:24.345575 814658 slkhostsecd.cpp:1035] User activity trace enable ok.
E0314 16:09:24.348863 814624 sedockerav.cpp:37] Failed to connect to /opt/aquasec/audit/slkavd.sock, error: Connection refused
I0314 16:09:25.133800 814854 servicemodule.cpp:269] Attempting start Avdmodule
I0314 16:09:25.135754 814855 forkmanager.cpp:62] Forked slkavd process with id: 814855
I0314 16:09:25.474174 814855 slkavd.cpp:170] Set environment variable AQUA_PROXYLITE_USE_MAX_CORES=true
I0314 16:09:25.474273 814855 slkavd.cpp:714] Using scan engine Avira
I0314 16:09:25.486038 814855 aviraengine.cpp:704] SAVAPI version 4.15.16.62
I0314 16:09:25.486876 814855 slkavd.cpp:238] slkavd is running in container, db path '/var/lib/aquasec/data'
I0314 16:09:25.513513 814855 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 4 max:8
I0314 16:09:25.611905 814855 slkavd.cpp:1509] Enabling host antivirus.
I0314 16:09:26.617122 804891 livenessmodule.cpp:64] livenessProbe is enabled
I0314 16:09:26.618158 815299 servicemodule.cpp:269] Attempting start slk-healthz
I0314 16:09:26.623314 815301 forkmanager.cpp:62] Forked slkhealthz process with id: 815301
I0314 16:09:27.617938 804891 definitions.hpp:145] Health probe is supported in this environment
I0314 16:09:27.618233 815333 servicemodule.cpp:269] Attempting start slkd-healthprobe
I0314 16:09:27.622289 815334 forkmanager.cpp:62] Forked health-probe process with id: 815334
I0314 16:09:27.624529 815334 healthprobe.cpp:51] Created health probe config json file '/opt/aquasec/tmp/health/config.json'
I0314 16:09:27.624728 815334 healthconfigloader.cpp:55] No change in health probe configuration - nothing to do
I0314 16:09:27.626724 815334 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 16:09:27.642860 815334 enginemanagerimpl.cpp:241] Cron task started.
I0314 16:09:27.643036 815334 modulehealthcontroller.cpp:58] Successfully created channel to slkd-grpcserver.
E2E Sanity Check initiated
I0314 16:09:28.619439 815347 servicemodule.cpp:269] Attempting start slkd-logcollector
I0314 16:09:28.623378 815348 forkmanager.cpp:62] Forked log-collector process with id: 815348
I0314 16:09:28.627468 815348 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 16:09:29.621017 804891 netfiltermodule.cpp:48] Behavioral Engine with express mode only is on, therefore module is not activated
[slkhealthz] 2024/03/14 16:09:29 slkhealthz version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkhealthz] 2024/03/14 16:09:29 Health & Readiness monitors start listen to 0.0.0.0:8096
[slkaudit] 2024/03/14 16:09:30 Successfully connected to gateway via gRPC: AuditV2
I0314 16:09:30.949851 814855 aviraengine.cpp:374] Successfully merged xVDF files
I0314 16:09:31.623239 815435 servicemodule.cpp:269] Attempting start slkd-watchdog
I0314 16:09:31.627386 815436 forkmanager.cpp:62] Forked Watchdog process with id: 815436
I0314 16:09:32.624576 815465 servicemodule.cpp:269] Attempting start slkd-workloads-microservice
I0314 16:09:32.628686 815466 forkmanager.cpp:62] Forked slkd-workloads-microservice process with id: 815466
I0314 16:09:32.631068 815466 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 16:09:32.640870 815466 workloadsgrpchandler.cpp:50] Workloads audit gRPC server listening at unix:///opt/aquasec/audit/workloadsauditservice.sock
I0314 16:09:32.641438 815466 enginemanagerimpl.cpp:241] Cron task started.
I0314 16:09:32.660971 815466 workloadsmicroservice.cpp:268] Initialized workloads microservice.
I0314 16:09:33.626032 815485 servicemodule.cpp:269] Attempting start slkd-secrets-vault
I0314 16:09:33.630491 815486 forkmanager.cpp:62] Forked slkd-secrets-vault process with id: 815486
I0314 16:09:33.634907 815486 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 16:09:33.650384 815486 enginemanagerimpl.cpp:241] Cron task started.
I0314 16:09:33.651022 815486 secretsvaultmicroservice.cpp:78] Initialized secrets vault microservice. I0314 16:09:34.626998 815517 servicemodule.cpp:269] Attempting start slkd-grpcserver I0314 16:09:34.631501 815518 forkmanager.cpp:62] Forked GRPCServer process with id: 815518 I0314 16:09:34.636178 815518 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 16:09:34.655225 815529 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. I0314 16:09:34.683524 815518 enginemanagerimpl.cpp:241] Cron task started. I0314 16:09:34.707854 815518 grpcserver.cpp:309] Server listening on unix:///opt/aquasec/audit/slkgrpc.sock 2024-03-14 16:09:35.672 INFO workloads/manager.go:145 [slkcndr] [Workloads Manager] Successfully connected to gRPCServer. 2024-03-14 16:09:35.672 INFO workloads/manager.go:153 [slkcndr] [Workloads Manager] Starting in 'VM & Containers' protection mode 2024-03-14 16:09:35.673 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:35.717 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:35.849 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:35.852 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:35.855 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:35.872 INFO usecase/usecase.go:125 [slkcndr] perf buffer size set to 1024 I0314 16:09:36.628584 815577 servicemodule.cpp:269] Attempting start slkd-events I0314 16:09:36.633148 815578 forkmanager.cpp:62] Forked ContainerdEvtClient process with id: 815578 I0314 16:09:36.637773 815578 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 16:09:36.654605 815589 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. 
I0314 16:09:36.754060 814855 aviraengine.cpp:298] SAVAPI initialized: Version : VDF version 8.20.20.132 AVE version 8.3.66.62 expire date 20240401 Signatures: 6780702 I0314 16:09:36.763892 814855 feedengine.cpp:97] Custom malware feed signatures count 0 I0314 16:09:36.764276 814855 slkavd.cpp:1551] Enabling container antivirus. I0314 16:09:36.825312 814855 enginemanagerimpl.cpp:241] Cron task started. I0314 16:09:37.629853 815594 servicemodule.cpp:269] Attempting start slkd-events I0314 16:09:37.644327 815595 forkmanager.cpp:62] Forked CriEvtClient process with id: 815595 I0314 16:09:37.651410 815595 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 16:09:37.669798 815606 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. I0314 16:09:40.632592 804891 pkgwatcher.cpp:146] Behavioral Engine with express mode only is on, therefore module is not activated I0314 16:09:41.633208 815694 servicemodule.cpp:269] Attempting start slkd-scheduler I0314 16:09:41.637563 815695 forkmanager.cpp:62] Forked slkd-scheduler process with id: 815695 I0314 16:09:41.641709 815695 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 16:09:41.657302 815706 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. 2024-03-14 16:09:42.086 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:42.088 INFO enforcersettings/enforcersettings.go:127 [slkcndr] CNDR Telemetry is enabled 2024-03-14 16:09:42.089 INFO enforcersettings/enforcersettings.go:127 [slkcndr] Enforce Mode is enabled 2024-03-14 16:09:42.089 INFO usecase/usecase.go:261 [slkcndr] Waiting for the signature to be loaded into Tracee rules engine... 2024-03-14 16:09:42.089 INFO usecase/usecase.go:263 [slkcndr] Signatures are loaded successfully into Tracee rules engine. Starting Tracee eBPF engine... 
I0314 16:09:42.634084 804891 server_unix.cpp:115] /opt/aquasec/slkd started in container I0314 16:09:46.640817 815810 gwclientmodule.cpp:357] Started GW client process 815810 I0314 16:09:46.657881 815810 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 16:09:46.673933 815810 proxyserver.cpp:37] Server listenning on unix:///opt/aquasec/audit/proxyserver.sock I0314 16:09:46.674283 815810 cmdhandler.cpp:144] Eagle monitor enabled=false I0314 16:09:46.685393 815825 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. I0314 16:09:46.704034 815832 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. I0314 16:09:46.704221 815810 grpcchannel.cpp:1238] Timeout for authentication request will range between 300 and 600 seconds I0314 16:09:46.704315 815810 grpcchannel.cpp:1241] Interval between authentication requests will range between 10 and 20 seconds I0314 16:09:46.706817 815810 grpcchannel.cpp:1026] Initiating a secure connection to a GW on address: 'd0653fe853-gw.cloud.aquasec.com:443' (timeout: 20 seconds) I0314 16:09:46.961490 815810 grpcchannel.cpp:1035] Established a secure channel to GW 'd0653fe853-gw.cloud.aquasec.com:443' I0314 16:09:46.962584 815810 grpcchannel.cpp:609] Enforcer is reopening push notification channel I0314 16:09:46.971707 815810 grpcchannel.cpp:797] Enforcer is authenticating with Gateway (timeout: 353 seconds) I0314 16:09:46.991320 815810 gwgrpcclient.cpp:375] Successfully registered in GW aqua-gateway-csp-8569b966f4-6xlm5_gateway (2402.8.22) I0314 16:09:46.993194 815810 gwgrpcclient.cpp:391] Using protocol version 1.3 I0314 16:09:46.993307 815810 gwgrpcclient.cpp:400] Workloads full sync is required I0314 16:09:46.997221 815810 grpcchannel.cpp:628] Successfully established a secure channel to Gateway 'd0653fe853-gw.cloud.aquasec.com:443' I0314 16:09:46.997692 815810 imageservice.cpp:44] Enabled multiple registries mode I0314 16:09:46.997790 815810 readiness.cpp:21] readinessProbe is enabled I0314 
16:09:46.998639 815810 gwclientgrpchandler.cpp:38] GwClient gRPC handle listening at unix:///opt/aquasec/audit/gwclientgrpchandler.sock I0314 16:09:47.006558 815810 gwgrpcclient.cpp:624] Sending registration info (host.connect) I0314 16:09:47.007038 815810 gwgrpcclient.cpp:629] New GW Client Session ID: 1 I0314 16:09:47.277455 815816 cmdhandler.cpp:1326] Got GW command : 'host.sync.messages' I0314 16:09:47.280159 815832 asynchostimagelist.cpp:148] Synced Host Images with the GW. I0314 16:09:47.281417 815832 acldb_image.cpp:458] Enforcer cleaned up Repo Images table successfully I0314 16:09:47.288019 815816 cmdhandler.cpp:1326] Got GW command : 'host.sync.global.settings' I0314 16:09:47.653913 815467 workloadsmicroservice.cpp:486] Workloads Microservice succesfully connected I0314 16:09:47.654369 815467 workloadsmicroservice.cpp:543] Triggered connection monitor for workloads microservice. I0314 16:09:52.813446 815816 sedockercmd.cpp:6076] SeAgent::SetLightningMode: enable = true I0314 16:09:52.820847 815816 cmdhandler.cpp:1326] Got GW command : 'host.sync.policies' E0314 16:09:53.651858 815487 gw_client.clientservice.proxylite.pb.cc:506] Timeout exceeded for rpc: (call id 1 procedure id 2) Service name GwClient E0314 16:09:53.652191 815487 secretsvaultmicroservice.cpp:208] Failed to get secrets from GWClient I0314 16:09:53.803686 815816 cmdhandler.cpp:4124] Send netfilter update_end I0314 16:09:53.807780 815816 cmdhandler.cpp:1326] Got GW command : 'host.sync.settings' 2024-03-14 16:09:53.813 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:53.816 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:53.821 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:53.827 INFO usecase/configmgr.go:66 [slkcndr] [Signatures Settings: TRC-108:dry TRC-60:dry TRC-188:dry TRC-2:wet TRC-28:dry TRC-43:wet TRC-3:wet TRC-88:wet TRC-143:wet TRC-156:wet TRC-182:dry TRC-183:dry TRC-133:dry TRC-167:wet 
TRC-34:wet TRC-64:wet TRC-155:wet TRC-38:wet TRC-63:wet TRC-82:disable TRC-13:wet TRC-134:dry TRC-14:wet TRC-149:disable ART-1:wet TRC-147:wet TRC-157:wet TRC-37:wet TRC-117:dry TRC-12:disable TRC-145:disable TRC-146:wet ART-2:wet ART-9:wet TRC-105: TRC-116:dry TRC-23:wet TRC-8:disable TRC-198:disable TRC-84:wet TRC-101:dry TRC-123:wet TRC-124:dry TRC-178:dry TRC-177:wet TRC-179:disable TRC-36:wet TRC-5:dry ART-3:wet TRC-128:dry TRC-15:dry TRC-154:wet ART-7:wet TRC-144:wet TRC-166:dry TRC-47:wet TRC-58:wet TRC-112:wet TRC-181:wet TRC-184:disable TRC-278:wet TRC-109:dry TRC-110:disable TRC-42:disable TRC-30:dry TRC-4:disable TRC-74:wet TRC-104:wet TRC-113:wet TRC-136:dry TRC-137:wet TRC-132:dry TRC-138:wet TRC-66:wet TRC-49:wet TRC-55:dry TRC-61:wet TRC-62:wet TRC-1:dry TRC-127:wet TRC-142: TRC-48:wet TRC-96:wet TRC-59:wet TRC-91:dry TRC-103:disable TRC-180:wet TRC-19:dry TRC-41:wet TRH-3:dry TRC-11:wet TRC-115:dry TRC-150:disable TRC-22:wet TRC-51:wet TRC-107:dry TRC-119:disable TRC-175:dry TRC-29:wet TRC-89:wet TRC-17:wet TRC-25:wet TRC-35:dry TRC-78:wet TRC-21:dry TRC-27:wet TRC-279:wet TRH-2:dry TRC-94:dry TRC-95:wet TRC-100: TRC-151:disable TRC-168:disable TRC-67:wet ART-6:wet TRC-120:dry TRC-165:wet TRC-26:dry TRC-131:disable TRC-169:dry TRC-197:disable TRC-57:wet TRC-97:dry TRC-98:dry TRC-111:disable TRC-16:dry TRC-176:dry TRC-24:wet TRC-170:dry TRC-33:wet TRC-71:wet TRC-76:wet ART-8:wet TRC-122:dry TRC-129:wet TRC-139:dry TRC-90:wet TRC-106:wet TRC-185:wet TRC-39:dry TRC-9:wet TRC-99:dry TRC-102:disable TRC-121:disable TRC-153:wet TRC-83:wet TRC-7:dry TRC-80:wet TRC-10:wet TRC-148:disable TRC-18: TRC-187:dry TRC-162:dry TRC-6:wet ART-4:wet TRC-114:wet TRC-118:disable TRC-130:disable TRC-135:dry TRC-173:wet TRC-45:wet TRC-86:wet TRC-20:dry TRC-40:wet TRC-54:dry TRH-1:dry TRC-140:wet TRC-141:wet TRC-163:dry TRC-191:wet ] I0314 16:09:53.833289 815816 sedockercmd.cpp:6363] Image assurance is enabled I0314 16:09:53.834339 804891 runcinterceptor.cpp:53] Behavioral 
Engine with express mode only is on, therefore module is not activated I0314 16:09:53.835913 815816 sedockercmd.cpp:6672] Host user protection is disabled 2024-03-14 16:09:53.841 INFO enforcersettings/enforcersettings.go:105 [slkcndr] Reloading Enforce Mode setting... 2024-03-14 16:09:53.841 INFO enforcersettings/enforcersettings.go:127 [slkcndr] Enforce Mode is enabled I0314 16:09:53.842404 815816 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets' I0314 16:09:53.844027 815816 cmdhandler.cpp:1326] Got GW command : 'cndr.config' 2024-03-14 16:09:53.847 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:53.849 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:53.851 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 16:09:53.854 INFO usecase/configmgr.go:66 [slkcndr] [Signatures Settings: TRC-107:dry TRC-136:dry TRC-138:wet TRC-177:wet TRC-17:wet TRC-26:dry TRC-38:wet TRC-119:disable TRC-2:wet TRC-20:dry TRC-8:disable TRC-80:wet TRC-98:dry TRC-109:dry TRC-118:disable TRC-30:dry TRC-47:wet ART-1:wet TRC-142: TRC-144:wet TRC-150:disable TRC-156:wet TRC-49:wet TRC-63:wet TRC-106:wet TRC-153:wet TRC-198:disable TRC-76:wet ART-2:wet TRC-108:dry TRC-114:wet TRC-166:dry TRC-182:dry TRC-24:wet TRC-41:wet TRC-59:wet TRC-82:disable TRC-84:wet TRC-88:wet ART-6:wet ART-8:wet TRC-10:wet TRC-123:wet TRC-188:dry TRC-279:wet TRC-4:disable TRC-54:dry ART-4:wet TRC-13:wet TRC-132:dry TRC-145:disable TRC-147:wet TRC-165:wet TRC-185:wet TRC-187:dry TRC-89:wet TRC-94:dry TRC-105: TRC-12:disable TRC-33:wet TRC-62:wet TRC-1:dry TRC-110:disable TRC-130:disable TRC-71:wet TRC-155:wet TRC-197:disable TRC-28:dry TRC-141:wet TRC-157:wet TRC-15:dry TRC-175:dry TRC-178:dry TRC-21:dry TRC-74:wet TRC-97:dry TRH-1:dry TRC-129:wet TRC-135:dry TRC-22:wet TRC-55:dry TRC-23:wet TRC-48:wet TRC-115:dry TRH-3:dry TRC-113:wet TRC-120:dry TRC-122:dry TRC-139:dry TRC-151:disable TRC-168:disable TRC-179:disable TRC-18: 
TRC-191:wet TRC-34:wet TRC-40:wet TRC-5:dry TRC-67:wet TRC-9:wet TRC-99:dry TRC-101:dry TRC-111:disable TRC-116:dry TRC-14:wet TRC-42:disable TRC-95:wet TRC-146:wet TRC-90:wet TRC-117:dry TRC-137:wet TRC-167:wet TRC-61:wet ART-3:wet TRC-11:wet TRC-124:dry TRC-133:dry TRC-78:wet TRC-6:wet TRC-86:wet TRC-16:dry TRC-36:wet TRC-43:wet TRC-45:wet TRC-140:wet TRC-154:wet TRC-170:dry TRC-60:dry TRC-121:disable TRC-128:dry TRC-163:dry TRC-176:dry TRC-19:dry TRC-51:wet TRC-83:wet TRC-96:wet TRC-104:wet TRC-112:wet TRC-148:disable TRC-173:wet TRC-181:wet TRC-37:wet TRC-58:wet TRC-7:dry TRC-134:dry TRC-149:disable TRC-25:wet TRC-3:wet TRC-35:dry TRC-39:dry TRH-2:dry TRC-103:disable TRC-131:disable TRC-143:wet ART-9:wet TRC-180:wet TRC-184:disable TRC-27:wet TRC-66:wet TRC-91:dry ART-7:wet TRC-102:disable TRC-127:wet TRC-169:dry TRC-183:dry TRC-100: TRC-162:dry TRC-278:wet TRC-29:wet TRC-57:wet TRC-64:wet ] I0314 16:09:53.855549 815816 connectionmonitorservice.cpp:31] Registering a new monitoring event E0314 16:09:53.856196 815492 rpcclientparser.proxylite.pb.cc:429] Not found call id 1 E0314 16:09:53.856288 815492 rpcclientconnectionimpl.cpp:401] Failed handle client rpc I0314 16:09:53.857540 815816 cmdhandler.cpp:1326] Got GW command : 'litesync.update.cache' I0314 16:09:53.869102 815816 asyncgethostimagesrecord.cpp:233] Lite Sync Finished. Synced: 84 images. I0314 16:09:53.869283 815816 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets' I0314 16:09:53.869719 815468 workloadsmicroservice.cpp:893] Syncing Workloads Microservice (full sync is required). 
[slkaudit] 2024/03/14 16:09:56 Trying to connect to GW via gRPC and address d0653fe853-gw.cloud.aquasec.com:443 I0314 16:09:58.655684 815816 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets' I0314 16:10:02.008745 815816 gwgrpcclient.cpp:1168] Readiness probe status set to 'ready' 2024-03-14 16:10:02.791 INFO usecase/local.go:143 [slkcndr] Succeeded to create a local connection to gwclient I0314 16:10:04.198838 815746 enginemanagerimpl.cpp:241] Cron task started. 2024-03-14 16:10:04.366 INFO usecase/cloud.go:321 [slkcndr] Retrying unary method /cndrcloud.CndrCloud/ReportFindings after re-fetching jwt {"level":"error","ts":1710432606.1280239,"msg":"handling event by signature Possible container escape - Cgroups mount detected: argumrny type is not initialized"} {"level":"error","ts":1710432606.1309135,"msg":"handling event by signature Possible container escape - Cgroups mount detected: argumrny type is not initialized"} [slkaudit] 2024/03/14 16:10:06 Successfully connected to gateway via gRPC: AuditV2 2024-03-14 16:12:22.247 INFO eventsmanager/audits.go:103 [slkcndr] [End of re-sending of audits from database] 2024-03-14 16:12:22.274 INFO eventsmanager/events.go:119 [slkcndr] [End of re-sending of events from database] {"level":"error","ts":1710432843.71089,"msg":"handling event by signature CPU Optimization attempt for cryptominer was detected: argumrny argv is not initialized"} {"level":"error","ts":1710432843.7147434,"msg":"handling event by signature CPU Optimization attempt for cryptominer was detected: argumrny argv is not initialized"} {"level":"error","ts":1710432843.7147863,"msg":"handling event by signature CPU Optimization attempt for cryptominer was detected: argumrny argv is not initialized"} {"level":"error","ts":1710432843.7135186,"msg":"handling event by signature CPU Optimization attempt for cryptominer was detected: argumrny argv is not initialized"} I0314 16:14:32.779227 815468 workloadsmicroservice.cpp:855] Syncing 1 'container exit' 
events {"level":"error","ts":1710432916.3262188,"msg":"handling event by signature Possible container escape - Cgroups mount detected: argumrny type is not initialized"} {"level":"error","ts":1710432916.3263454,"msg":"handling event by signature Possible container escape - Cgroups mount detected: argumrny type is not initialized"} {"level":"error","ts":1710433167.1341023,"msg":"handling event by signature CPU Optimization attempt for cryptominer was detected: argumrny argv is not initialized"} {"level":"error","ts":1710433167.1342044,"msg":"handling event by signature CPU Optimization attempt for cryptominer was detected: argumrny argv is not initialized"} {"level":"error","ts":1710433167.1342192,"msg":"handling event by signature CPU Optimization attempt for cryptominer was detected: argumrny argv is not initialized"} {"level":"error","ts":1710433167.1342328,"msg":"handling event by signature CPU Optimization attempt for cryptominer was detected: argumrny argv is not initialized"} I0314 16:19:32.906451 815468 workloadsmicroservice.cpp:855] Syncing 1 'container exit' events