kubectl logs -n aqua aqua-enforcer-ds-q95r4
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup', proc path: '/host/proc'
I0314 17:32:59.107668 973845 seagent.cpp:327] Aqua Security 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:53:58
I0314 17:32:59.107764 973845 miscfunc.cpp:911] Agent container id not found.
I0314 17:32:59.107822 973845 miscfunc.cpp:915] Call GetContainerIdV2 to find agent container id.
I0314 17:32:59.107923 973845 miscfunc.cpp:930] Agent container id found: d8115a39dff6999463671c366465ec80ef5fd396b0d623a6d07753955e6a8a59
I0314 17:32:59.107954 973845 seagent.cpp:1151] Container id: d8115a39dff6999463671c366465ec80ef5fd396b0d623a6d07753955e6a8a59
I0314 17:32:59.107982 973845 seagent.cpp:1162] Installation directory: /var/lib/aquasec
I0314 17:32:59.108026 973845 seagent.cpp:1186] Installation mode: service
I0314 17:32:59.119524 973845 miscfunc.cpp:585] Get local hostIPs count is 2.
I0314 17:32:59.119699 973845 server_unix.cpp:465] utls_net.c:729] Get physical IP, netpath=/host/sys/class/net, filesCount=16, rc=0
I0314 17:32:59.119794 973845 server_unix.cpp:465] utls_net.c:755] Get physical IP, netpath=/host/sys/class/net, ifr_name=eth1 , ip=10.0.119.187
I0314 17:32:59.119916 973845 server_unix.cpp:465] utls_net.c:755] Get physical IP, netpath=/host/sys/class/net, ifr_name=eth0 , ip=10.0.120.213
I0314 17:32:59.119997 973845 miscfunc.cpp:627] Get physical hostIPs count is 2, inCont=true
I0314 17:32:59.126056 973845 acldb.cpp:1676] Using Repo Images DB version no. 21
I0314 17:32:59.159492 973845 seagent.cpp:10135] Core file pattern 'core '
I0314 17:32:59.159616 973845 seagent.cpp:5437] Host id:
  Host name : ip-10-0-120-213.us-west-2.compute.internal
  Host short name : ip-10-0-120-213
  Host IPs : '10.0.120.213' '10.0.119.187'
  Host physical IP: '10.0.119.187' '10.0.120.213'
  Host MAC : 06-B1-46-4F-AA-EB
I0314 17:32:59.159770 973845 seagent.cpp:1221] Host system:
  Pretty name : 'Bottlerocket OS 1.19.2 (aws-k8s-1.28)'
  Short name : 'Bottlerocket'
  Id : 'bottlerocket'
  Like : ''
  Version : '1.19.2'
  Kernel : '6.1.77'
I0314 17:32:59.160133 973845 preloadaux.cpp:1767] Get target fs type found fsname=/dev/nvme1n1p1 dir=/local type=xfs
I0314 17:32:59.160199 973845 preloadaux.cpp:1660] V2. Find target FS dev major=259 minor=16 mnt_type=xfs rc=0 dev_path=/dev/nvme1n1p1
E0314 17:32:59.161175 973845 server_unix.cpp:459] smsg_internal.c:51] Failed to find file '/opt/aquasec/messages/CUSTOM/aquamsg.txt'
I0314 17:32:59.161224 973845 preloadaux.cpp:2050] calling init search dl paths
I0314 17:32:59.161254 973845 preloadaux.cpp:2060] Search libdl in the paths: '/lib' '/lib64' '/lib/x86_64-linux-gnu/' '/lib64/x86_64-linux-gnu/' '/lib/i386-linux-gnu/'
I0314 17:32:59.161280 973845 preloadaux.cpp:2075] Search libc library in the paths: '/lib' '/lib64' '/lib/x86_64-linux-gnu/' '/lib64/x86_64-linux-gnu/' '/lib/i386-linux-gnu/'
I0314 17:32:59.161307 973845 seagent.cpp:872] done calling init search libraries paths
I0314 17:32:59.161386 973845 seagent.cpp:904] Set environment 32 bit support is on
I0314 17:32:59.162856 973845 seagent.cpp:4443] Using node name: ip-10-0-120-213.us-west-2.compute.internal
I0314 17:32:59.162972 973845 seagent.cpp:3181] Risk explorer auto discovery is disabled
I0314 17:32:59.169240 973845 seagent.cpp:4547] Lightning mode is enabled
I0314 17:32:59.170141 973845 sedockercmd.cpp:6453] Host forensics is enabled
I0314 17:32:59.171747 973845 sedockercmd.cpp:6520] Container forensics is enabled
I0314 17:32:59.173650 973845 seagent.cpp:4638] Enforcer will not verify the peer's certificate, please set AQUA_TLS_VERIFY=true to enable certificate verification
I0314 17:32:59.173746 973845 seagent.cpp:1280] Image service multi registries mode: enabled
I0314 17:32:59.173786 973845 seagent.cpp:1874] Enforcer is running in OPEN mode.
I0314 17:32:59.173816 973845 seagent.cpp:1462] Enforcer is running in 'Network' CLOSE mode.
I0314 17:32:59.180480 973845 seagent.cpp:2442] DiscoverEngineSockets: found process name: kubelet pid: 1434 socket: unix:///run/containerd/containerd.sock
I0314 17:32:59.180970 973845 seagent.cpp:2457] Found engine: containerd socket: 'unix:///run/containerd/containerd.sock'
I0314 17:32:59.181005 973845 seagent.cpp:2342] Assuming containerd environment
I0314 17:32:59.249490 973845 seagent.cpp:1571] Memory pressure is not configured. No Memory Cap is configured.
I0314 17:32:59.250618 973845 udslite.cpp:30] Increasing socket buffer 'SO_RCVBUF' to 524288 bytes
I0314 17:32:59.250664 973845 udslite.cpp:65] Increased 'SO_RCVBUF' to 1048576 bytes
I0314 17:32:59.250689 973845 udslite.cpp:30] Increasing socket buffer 'SO_SNDBUF' to 524288 bytes
I0314 17:32:59.250722 973845 udslite.cpp:65] Increased 'SO_SNDBUF' to 1048576 bytes
I0314 17:32:59.250926 973845 seagent.cpp:2987] Setting CRI runtime endpoint to /run/containerd/containerd.sock
I0314 17:32:59.250970 973845 seagent.cpp:1950] Running on Kubernetes node
E0314 17:32:59.252596 976810 db.cpp:130] Failed to open db '/data/acl.db', native error: unable to open database file
E0314 17:32:59.252696 976810 db.cpp:130] Failed to open db '/data/cache.db', native error: unable to open database file
E0314 17:32:59.252766 976810 db.cpp:130] Failed to open db '/data/aud.db', native error: unable to open database file
E0314 17:32:59.252831 976810 db.cpp:130] Failed to open db '/data/alert.db', native error: unable to open database file
E0314 17:32:59.252884 976810 db.cpp:130] Failed to open db '/data/profile.db', native error: unable to open database file
E0314 17:32:59.252943 976810 db.cpp:130] Failed to open db '/data/cndr_events.db', native error: unable to open database file
I0314 17:32:59.318120 973845 cloudvendor.cpp:394] VM cloud information:
  VM Cloud vendor : AWS
  VM Account : 867286930927
  VM ID : i-078990ceb382089d1
  VM Image ID : ami-04dbe1faabf8ed7eb
  VM Location : us-west-2
  VM Private ip(s) : 10.0.120.213
  VM Security group(s) : eks-cluster-sg-eks-br-us-west-2-X861-28-blueprint-1992592983
I0314 17:33:01.543973 973845 getbundlepath.cpp:255] Runc bundle prefix path='/run/containerd/io.containerd.runtime.v2.task/k8s.io' bundle suffix path='
E0314 17:33:01.544274 973845 seagent.cpp:9905] Boot config file 'config-6.1.77' not found in '/boot' '/usr/boot'
I0314 17:33:01.544376 973845 seagent.cpp:9964] Check fanotify perm, set FAN_OPEN_PERM for file '/tmp/check_fan_hkPmon OK.
I0314 17:33:01.569278 973845 seagent.cpp:5602] Fanotify is supported.
I0314 17:33:01.569608 973845 seagent.cpp:5622] Set runc_interception_mode fanotify.
I0314 17:33:01.577862 973845 seagent.cpp:3044] CRI info:
  CRI server version : 1.6.28+bottlerocket
  CRI api version : v1
E0314 17:33:03.303726 973845 cndrcmds.cpp:233] Could not notify about workloads contexts update: failed to connect to all addresses
W0314 17:33:03.303994 973845 sedockercmd.cpp:2547] Container workloads have not been notified about their contexts
I0314 17:33:03.304327 973845 seagent.cpp:1851] Secrets feature: enabled
I0314 17:33:03.305511 973845 seagent.cpp:4696] Set environment variable 'SLKD_OSVERSION_ID=bottlerocket
I0314 17:33:03.305546 973845 seagent.cpp:4703] Set environment variable 'SLKD_OSVERSION_NUM=1.19.2
I0314 17:33:03.305579 973845 seagent.cpp:4713] Set environment variable 'SLKD_PID=973845
I0314 17:33:03.305652 973845 seagent.cpp:4721] Set environment variable 'SLKD_CONTAINER_ID=d8115a39dff6999463671c366465ec80ef5fd396b0d623a6d07753955e6a8a59
I0314 17:33:03.305684 973845 seagent.cpp:4745] Set environment variable 'SLKD_AV_PROTECTION=true
I0314 17:33:03.305754 973845 seagent.cpp:4784] Set environment variable 'SLKD_RUNTIME_ENGINE=containerd'
I0314 17:33:03.305812 973845 seagent.cpp:4794] Set environment variable 'SLKD_RUNTIME_ENDPOINT=/run/containerd/containerd.sock'
I0314 17:33:03.305871 973845 seagent.cpp:4814] Set environment variable 'SLKD_RUNC_FANOTIFY_INTERCEPTION=true'
I0314 17:33:03.305922 973845 seagent.cpp:4824] Set environment variable 'SLKD_RUNC_BUNDLE_PREFIX=/run/containerd/io.containerd.runtime.v2.task/k8s.io'
I0314 17:33:03.305989 973845 seagent.cpp:4844] Set environment variable 'SLKD_RUNC_PATH=/x86_64-bottlerocket-linux-gnu/sys-root/usr/bin/runc'
I0314 17:33:03.306037 973845 seagent.cpp:4854] Set environment variable 'SLKD_RUNC_ROOT_PATH=/run/containerd/runc/k8s.io/'
I0314 17:33:03.306097 973845 seagent.cpp:4871] Set environment variable 'SLKD_CONTAINERIZED=true'
I0314 17:33:03.306123 973845 seagent.cpp:4877] Set environment variable 'SLKD_EXEC_CACHE=true'
I0314 17:33:03.306154 973845 seagent.cpp:4883] Set environment variable 'SLKD_INTERCEPTOR_FAILOPEN=false'
I0314 17:33:03.306186 973845 seagent.cpp:4889] Set environment variable 'SLKD_INTERCEPTOR_INTERVAL_FAILOPEN=5'
I0314 17:33:03.306218 973845 seagent.cpp:4903] Set environment variable 'SLKD_CRIAPI_V1=1
I0314 17:33:03.306249 973845 seagent.cpp:4948] Set environment variable 'SLKD_PRIVILEGED=false'
I0314 17:33:03.307797 973845 runcinterceptor.cpp:83] Using fanotify slkinterceptor-lite
I0314 17:33:03.307965 977923 servicemodule.cpp:269] Attempting start slkd-hostproc
I0314 17:33:03.309746 977924 forkmanager.cpp:62] Forked slkhostproc process with id: 977924
[slkhostproc] 2024/03/14 17:33:03 slkhostproc version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkhostproc] 2024/03/14 17:33:03 grpc server socket is : /var/lib/aquasec/audit/slkhostproc.sock
I0314 17:33:04.309129 977930 servicemodule.cpp:269] Attempting start slkd-audit
I0314 17:33:04.311086 977931 forkmanager.cpp:62] Forked slkaudit process with id: 977931
[slkaudit] 2024/03/14 17:33:04 slkaudit version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
I0314 17:33:05.309579 977942 servicemodule.cpp:269] Attempting start slkcndr
I0314 17:33:05.310377 977943 forkmanager.cpp:62] Forked slkcndr process with id: 977943
2024-03-14 17:33:05.332 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:33:05.335 INFO app/app.go:122 [slkcndr] Using address d0653fe853-gw.cloud.aquasec.com:443
2024-03-14 17:33:05.335 INFO usecase/cloud.go:210 [slkcndr] Connection established with remote server d0653fe853-gw.cloud.aquasec.com:443
2024-03-14 17:33:05.337 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:33:05.340 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:33:05.342 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:33:05.344 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-37
2024-03-14 17:33:05.344 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-8
2024-03-14 17:33:05.344 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-10
2024-03-14 17:33:05.344 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-127
2024-03-14 17:33:05.344 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRH-3
2024-03-14 17:33:05.344 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-133
2024-03-14 17:33:05.344 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-25
2024-03-14 17:33:05.344 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-80
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-140
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-55
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-26
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-35
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-58
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-78
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-132
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-157
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-64
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-98
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-1
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-135
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-138
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-173
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-2
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRH-2
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-9
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-84
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-162
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-39
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-2
2024-03-14 17:33:05.345 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-7
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-122
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-43
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-61
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-76
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-6
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-21
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-28
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-30
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-86
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-115
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-165
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-180
2024-03-14 17:33:05.346 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-60
2024-03-14 17:33:05.347 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-95
2024-03-14 17:33:05.347 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-178
2024-03-14 17:33:05.347 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-109
2024-03-14 17:33:05.347 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-120
2024-03-14 17:33:05.347 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-155
2024-03-14 17:33:05.347 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-66
2024-03-14 17:33:05.347 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-19
2024-03-14 17:33:05.348 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-3
2024-03-14 17:33:05.348 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-15
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-176
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-20
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-29
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-47
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-3
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-101
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-11
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRH-1
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-13
2024-03-14 17:33:05.349 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-143
2024-03-14 17:33:05.350 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-181
2024-03-14 17:33:05.350 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-33
2024-03-14 17:33:05.350 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-104
2024-03-14 17:33:05.351 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-114
2024-03-14 17:33:05.351 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-51
2024-03-14 17:33:05.351 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-48
2024-03-14 17:33:05.351 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-67
2024-03-14 17:33:05.351 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-74
2024-03-14 17:33:05.351 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-116
2024-03-14 17:33:05.351 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-141
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-16
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-17
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-34
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-40
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-41
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-167
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-169
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-62
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-96
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-23
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-94
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-144
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-91
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-45
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-128
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-166
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-182
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-153
2024-03-14 17:33:05.352 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-154
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-187
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-191
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-90
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-137
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-183
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-89
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-139
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-14
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-54
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-170
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-27
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-22
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-24
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-107
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-129
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-177
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-38
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-49
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-59
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-9
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-163
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-134
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-146
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-147
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-1
2024-03-14 17:33:05.353 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-123
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-83
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-97
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-112
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-63
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-7
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-71
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-88
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-4
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-106
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-108
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-99
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-36
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-156
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-188
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-5
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-57
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-6
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-113
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-175
2024-03-14 17:33:05.354 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-185
2024-03-14 17:33:05.354 INFO eventsmanager/eventsmanager.go:227 [slkcndr] [Starting Events Manager...]
2024-03-14 17:33:05.354 INFO db/db.go:28 [slkcndr] Opening database file /data/cndr_events.db
2024-03-14 17:33:05.356 INFO eventsmanager/audits.go:87 [slkcndr] [Starting re-sending of audits from database...]
2024-03-14 17:33:05.356 INFO eventsmanager/events.go:92 [slkcndr] [Starting re-sending of events from database...]
2024-03-14 17:33:05.356 INFO workloads/manager.go:138 [slkcndr] [Workloads Manager] Attempting Connection to gRPCServer.
I0314 17:33:06.310937 973845 runcinterceptor.cpp:53] Behavioral Engine with express mode only is on, therefore module is not activated
[slkaudit] 2024/03/14 17:33:06 Trying to connect to GW via gRPC and address d0653fe853-gw.cloud.aquasec.com:443
I0314 17:33:07.312156 977988 servicemodule.cpp:269] Attempting start slkd-ocicfg
I0314 17:33:07.314044 977989 forkmanager.cpp:62] Forked slkocicfg process with id: 977989
[slkocicfg] 2024/03/14 17:33:07 slkocicfg version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkocicfg] 2024/03/14 17:33:07 CRI API v1 version is supported? true
[slkocicfg] 2024/03/14 17:33:07 Runtime Endpoint socket is : /run/containerd/containerd.sock, engine is: containerd
[slkocicfg] 2024/03/14 17:33:07 containerd version is : 1.6.28+bottlerocket
I0314 17:33:08.313441 973845 pkgquerymodule.cpp:71] Behavioral Engine with express mode only is on, therefore module is not activated
I0314 17:33:09.314731 977996 servicemodule.cpp:269] Attempting start slkd-scan
I0314 17:33:09.316584 977997 forkmanager.cpp:62] Forked slkscan process with id: 977997
[slkscan] 2024/03/14 17:33:09 slkscan version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkscan] 2024/03/14 17:33:09 Starting Server....
[slkscan] 2024/03/14 17:33:09 Starting Scan Manager ....
[slkscan] 2024/03/14 17:33:09 Starting Host Assurance Manager ....
[slkscan] 2024/03/14 17:33:09 Intializing scanners ....
[slkscan] 2024/03/14 17:33:09 Intializing scanner ....
[slkscan] 2024/03/14 17:33:09 Intializing scanner ....
[slkscan] 2024/03/14 17:33:09 Intializing scanner ....
[slkscan] 2024/03/14 17:33:09 Intializing scanner ....
[slkscan] 2024/03/14 17:33:09 Intializing scanner ....
I0314 17:33:10.315869 978007 servicemodule.cpp:269] Attempting start HostSecModule
I0314 17:33:10.317765 978008 forkmanager.cpp:62] Forked slkhostsecd process with id: 978008
I0314 17:33:10.388382 978008 procsmap.cpp:182] check system 'CONFIG_PROC_EVENTS' returned 'y'
E0314 17:33:10.389142 978014 loginnotifier.cpp:199] File '/var/log/wtmp' not found
E0314 17:33:10.389304 978015 loginnotifier.cpp:380] File '/var/log/btmp' not found
I0314 17:33:10.390340 978008 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
E0314 17:33:10.395304 978008 filenotify.cpp:164] Boot config file 'config-6.1.77' not found in '/boot' '/usr/boot'
I0314 17:33:10.439278 978008 slkhostsecd.cpp:164] fanotify is supported
I0314 17:33:10.439355 978008 filenotify.cpp:255] slkhostsecd is running in container, db path '/var/lib/aquasec/data'
E0314 17:33:10.439419 978008 filenotify.cpp:1671] Failed to determined package manager type in host. package block feature will be disabled.
I0314 17:33:10.439467 978008 filenotify.cpp:278] Capability CAP_LINUX_IMMUTABLE is not supported, blocked files may be deleted
E0314 17:33:10.636680 978009 cndrcmds.cpp:233] Could not notify about workloads contexts update: failed to connect to all addresses
W0314 17:33:10.637012 978009 sedockercmd.cpp:8363] Workload '__HOST__' has not been notified about its context
I0314 17:33:10.637377 978025 slkhostsecd.cpp:1035] User activity trace enable ok.
E0314 17:33:10.639765 978009 sedockerav.cpp:37] Failed to connect to /opt/aquasec/audit/slkavd.sock, error: Connection refused
I0314 17:33:11.318854 978039 servicemodule.cpp:269] Attempting start Avdmodule
I0314 17:33:11.319728 978040 forkmanager.cpp:62] Forked slkavd process with id: 978040
I0314 17:33:11.337253 978040 slkavd.cpp:170] Set environment variable AQUA_PROXYLITE_USE_MAX_CORES=true
I0314 17:33:11.337312 978040 slkavd.cpp:714] Using scan engine Avira
I0314 17:33:11.338436 978040 aviraengine.cpp:704] SAVAPI version 4.15.16.62
I0314 17:33:11.338762 978040 slkavd.cpp:238] slkavd is running in container, db path '/var/lib/aquasec/data'
I0314 17:33:11.361822 978040 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 4 max:8
I0314 17:33:11.383751 978040 slkavd.cpp:1509] Enabling host antivirus.
I0314 17:33:12.319193 973845 livenessmodule.cpp:64] livenessProbe is enabled
I0314 17:33:12.319396 978280 servicemodule.cpp:269] Attempting start slk-healthz
I0314 17:33:12.321794 978281 forkmanager.cpp:62] Forked slkhealthz process with id: 978281
I0314 17:33:13.320453 973845 definitions.hpp:145] Health probe is supported in this environment
I0314 17:33:13.320729 978312 servicemodule.cpp:269] Attempting start slkd-healthprobe
I0314 17:33:13.322923 978313 forkmanager.cpp:62] Forked health-probe process with id: 978313
I0314 17:33:13.324386 978313 healthprobe.cpp:51] Created health probe config json file '/opt/aquasec/tmp/health/config.json'
I0314 17:33:13.324522 978313 healthconfigloader.cpp:55] No change in health probe configuration - nothing to do
I0314 17:33:13.325518 978313 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:33:13.337508 978313 enginemanagerimpl.cpp:241] Cron task started.
I0314 17:33:13.337677 978313 modulehealthcontroller.cpp:58] Successfully created channel to slkd-grpcserver.
E2E Sanity Check initiated
I0314 17:33:14.321772 978326 servicemodule.cpp:269] Attempting start slkd-logcollector
I0314 17:33:14.323930 978327 forkmanager.cpp:62] Forked log-collector process with id: 978327
I0314 17:33:14.326160 978327 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:33:15.323015 973845 netfiltermodule.cpp:48] Behavioral Engine with express mode only is on, therefore module is not activated
[slkhealthz] 2024/03/14 17:33:15 slkhealthz version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkhealthz] 2024/03/14 17:33:15 Health & Readiness monitors start listen to 0.0.0.0:8096
I0314 17:33:15.634023 978040 aviraengine.cpp:374] Successfully merged xVDF files
[slkaudit] 2024/03/14 17:33:16 Successfully connected to gateway via gRPC: AuditV2
I0314 17:33:17.324306 978361 servicemodule.cpp:269] Attempting start slkd-watchdog
I0314 17:33:17.326361 978362 forkmanager.cpp:62] Forked Watchdog process with id: 978362
I0314 17:33:18.325587 978363 servicemodule.cpp:269] Attempting start slkd-workloads-microservice
I0314 17:33:18.327669 978364 forkmanager.cpp:62] Forked slkd-workloads-microservice process with id: 978364
I0314 17:33:18.328799 978364 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:33:18.335345 978364 workloadsgrpchandler.cpp:50] Workloads audit gRPC server listening at unix:///opt/aquasec/audit/workloadsauditservice.sock
I0314 17:33:18.335505 978364 enginemanagerimpl.cpp:241] Cron task started.
I0314 17:33:18.348681 978364 workloadsmicroservice.cpp:268] Initialized workloads microservice.
I0314 17:33:19.326614 978384 servicemodule.cpp:269] Attempting start slkd-secrets-vault
I0314 17:33:19.328707 978385 forkmanager.cpp:62] Forked slkd-secrets-vault process with id: 978385
I0314 17:33:19.331034 978385 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:33:19.342370 978385 enginemanagerimpl.cpp:241] Cron task started.
I0314 17:33:19.342722 978385 secretsvaultmicroservice.cpp:78] Initialized secrets vault microservice. I0314 17:33:19.898736 978040 aviraengine.cpp:298] SAVAPI initialized: Version : VDF version 8.20.20.132 AVE version 8.3.66.62 expire date 20240401 Signatures: 6780702 I0314 17:33:19.902573 978040 feedengine.cpp:97] Custom malware feed signatures count 0 I0314 17:33:19.902731 978040 slkavd.cpp:1551] Enabling container antivirus. I0314 17:33:19.904445 978040 enginemanagerimpl.cpp:241] Cron task started. I0314 17:33:20.327754 978397 servicemodule.cpp:269] Attempting start slkd-grpcserver I0314 17:33:20.329919 978398 forkmanager.cpp:62] Forked GRPCServer process with id: 978398 I0314 17:33:20.332770 978398 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 17:33:20.345314 978409 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. I0314 17:33:20.358036 978398 enginemanagerimpl.cpp:241] Cron task started. I0314 17:33:20.372454 978398 grpcserver.cpp:309] Server listening on unix:///opt/aquasec/audit/slkgrpc.sock I0314 17:33:22.329275 978456 servicemodule.cpp:269] Attempting start slkd-events I0314 17:33:22.331460 978457 forkmanager.cpp:62] Forked ContainerdEvtClient process with id: 978457 I0314 17:33:22.333685 978457 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 17:33:22.345501 978468 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. I0314 17:33:23.330418 978495 servicemodule.cpp:269] Attempting start slkd-events I0314 17:33:23.332513 978496 forkmanager.cpp:62] Forked CriEvtClient process with id: 978496 I0314 17:33:23.334596 978496 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 17:33:23.346495 978507 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. 
I0314 17:33:26.340567 973845 pkgwatcher.cpp:146] Behavioral Engine with express mode only is on, therefore module is not activated I0314 17:33:27.341789 978540 servicemodule.cpp:269] Attempting start slkd-scheduler I0314 17:33:27.344028 978541 forkmanager.cpp:62] Forked slkd-scheduler process with id: 978541 I0314 17:33:27.346278 978541 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 17:33:27.358218 978552 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. I0314 17:33:28.342470 973845 server_unix.cpp:115] /opt/aquasec/slkd started in container 2024-03-14 17:33:31.649 INFO workloads/manager.go:145 [slkcndr] [Workloads Manager] Successfully connected to gRPCServer. 2024-03-14 17:33:31.649 INFO workloads/manager.go:153 [slkcndr] [Workloads Manager] Starting in 'VM & Containers' protection mode 2024-03-14 17:33:31.649 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:31.673 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:31.721 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:31.723 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:31.724 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:31.736 INFO usecase/usecase.go:125 [slkcndr] perf buffer size set to 1024 I0314 17:33:32.348628 978657 gwclientmodule.cpp:357] Started GW client process 978657 I0314 17:33:32.355060 978657 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8 I0314 17:33:32.367058 978657 proxyserver.cpp:37] Server listenning on unix:///opt/aquasec/audit/proxyserver.sock I0314 17:33:32.367285 978657 cmdhandler.cpp:144] Eagle monitor enabled=false I0314 17:33:32.376502 978672 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. I0314 17:33:32.389369 978679 enginemanagerimpl.cpp:79] Started Async Completion Queue thread. 
I0314 17:33:32.389493 978657 grpcchannel.cpp:1238] Timeout for authentication request will range between 300 and 600 seconds I0314 17:33:32.389604 978657 grpcchannel.cpp:1241] Interval between authentication requests will range between 10 and 20 seconds I0314 17:33:32.393241 978657 grpcchannel.cpp:1026] Initiating a secure connection to a GW on address: 'd0653fe853-gw.cloud.aquasec.com:443' (timeout: 20 seconds) I0314 17:33:32.774299 978657 grpcchannel.cpp:1035] Established a secure channel to GW 'd0653fe853-gw.cloud.aquasec.com:443' I0314 17:33:32.774531 978657 grpcchannel.cpp:609] Enforcer is reopening push notification channel I0314 17:33:32.780898 978657 grpcchannel.cpp:797] Enforcer is authenticating with Gateway (timeout: 568 seconds) I0314 17:33:32.862648 978657 gwgrpcclient.cpp:375] Successfully registered in GW aqua-gateway-csp-8569b966f4-6xlm5_gateway (2402.8.22) I0314 17:33:32.865682 978657 gwgrpcclient.cpp:391] Using protocol version 1.3 I0314 17:33:32.865733 978657 gwgrpcclient.cpp:400] Workloads full sync is required I0314 17:33:32.872790 978657 grpcchannel.cpp:628] Successfully established a secure channel to Gateway 'd0653fe853-gw.cloud.aquasec.com:443' I0314 17:33:32.872977 978657 imageservice.cpp:44] Enabled multiple registries mode I0314 17:33:32.873019 978657 readiness.cpp:21] readinessProbe is enabled I0314 17:33:32.873502 978657 gwclientgrpchandler.cpp:38] GwClient gRPC handle listening at unix:///opt/aquasec/audit/gwclientgrpchandler.sock I0314 17:33:32.881042 978657 gwgrpcclient.cpp:624] Sending registration info (host.connect) I0314 17:33:32.881162 978657 gwgrpcclient.cpp:629] New GW Client Session ID: 1 I0314 17:33:32.950170 978663 cmdhandler.cpp:1326] Got GW command : 'host.sync.messages' I0314 17:33:32.957114 978663 cmdhandler.cpp:1326] Got GW command : 'host.sync.global.settings' I0314 17:33:33.171447 978679 asynchostimagelist.cpp:148] Synced Host Images with the GW. 
I0314 17:33:33.178898 978679 acldb_image.cpp:458] Enforcer cleaned up Repo Images table successfully I0314 17:33:33.349408 978365 workloadsmicroservice.cpp:486] Workloads Microservice succesfully connected I0314 17:33:33.349678 978365 workloadsmicroservice.cpp:543] Triggered connection monitor for workloads microservice. 2024-03-14 17:33:33.490 INFO usecase/local.go:143 [slkcndr] Succeeded to create a local connection to gwclient libbpf: prog 'trace_load_elf_phdrs': failed to create kprobe 'load_elf_phdrs+0x0' perf event: Address not available 2024-03-14 17:33:34.137 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:34.140 INFO enforcersettings/enforcersettings.go:127 [slkcndr] CNDR Telemetry is enabled 2024-03-14 17:33:34.140 INFO enforcersettings/enforcersettings.go:127 [slkcndr] Enforce Mode is enabled 2024-03-14 17:33:34.140 INFO usecase/usecase.go:261 [slkcndr] Waiting for the signature to be loaded into Tracee rules engine... 2024-03-14 17:33:34.140 INFO usecase/usecase.go:263 [slkcndr] Signatures are loaded successfully into Tracee rules engine. Starting Tracee eBPF engine... 
I0314 17:33:35.255658 978663 sedockercmd.cpp:6076] SeAgent::SetLightningMode: enable = true I0314 17:33:35.260669 978663 cmdhandler.cpp:1326] Got GW command : 'host.sync.policies' I0314 17:33:35.664284 978663 cmdhandler.cpp:4124] Send netfilter update_end I0314 17:33:35.667896 978663 cmdhandler.cpp:1326] Got GW command : 'cndr.config' 2024-03-14 17:33:35.671 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:35.673 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:35.675 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:35.677 INFO usecase/configmgr.go:66 [slkcndr] [Signatures Settings: TRC-115:dry TRC-146:wet TRC-33:wet TRC-113:wet TRC-143:wet TRC-177:wet TRC-25:wet TRC-82:disable TRC-1:dry TRC-15:dry TRC-170:dry TRC-80:wet TRC-84:wet TRC-100: TRC-102:disable TRC-104:wet TRC-141:wet TRC-166:dry TRC-29:wet TRC-144:wet TRC-16:dry TRC-175:dry TRC-36:wet TRC-74:wet TRC-86:wet ART-8:wet TRC-151:disable TRC-155:wet TRC-179:disable TRC-64:wet TRC-8:disable TRC-103:disable TRC-140:wet TRC-149:disable TRC-180:wet TRC-58:wet TRC-76:wet TRC-109:dry TRC-132:dry TRC-147:wet TRC-49:wet TRC-97:dry TRC-10:wet TRC-129:wet TRC-130:disable TRC-163:dry TRC-62:wet TRC-7:dry TRC-105: TRC-136:dry TRC-17:wet TRC-173:wet ART-6:wet TRC-12:disable TRC-124:dry TRC-127:wet TRC-42:disable TRC-99:dry TRC-106:wet TRC-138:wet TRC-167:wet TRC-61:wet TRC-108:dry TRC-111:disable TRC-128:dry TRC-157:wet TRC-169:dry TRC-187:dry TRC-2:wet TRC-20:dry TRC-24:wet ART-4:wet TRC-101:dry TRC-118:disable TRC-119:disable TRC-133:dry TRC-142: TRC-150:disable TRC-83:wet TRC-94:dry TRC-184:disable TRC-19:dry TRC-6:wet TRC-60:dry ART-7:wet TRC-131:disable TRC-139:dry TRC-176:dry TRC-3:wet TRC-38:wet TRC-41:wet TRC-98:dry ART-9:wet TRC-110:disable TRC-162:dry TRC-21:dry TRC-11:wet TRC-123:wet TRC-137:wet TRC-165:wet TRC-27:wet TRC-45:wet TRC-51:wet ART-2:wet TRC-148:disable TRC-197:disable TRC-47:wet TRC-67:wet TRC-114:wet 
TRC-116:dry TRC-28:dry TRC-122:dry TRC-154:wet TRC-182:dry TRC-35:dry TRC-37:wet TRC-66:wet ART-3:wet TRC-13:wet TRC-23:wet TRC-279:wet TRC-4:disable TRC-5:dry TRC-71:wet TRC-121:disable TRC-145:disable TRC-178:dry TRC-57:wet TRC-9:wet TRC-135:dry ART-1:wet TRC-112:wet TRC-181:wet TRC-63:wet TRC-95:wet TRH-1:dry TRC-107:dry TRC-153:wet TRC-168:disable TRC-278:wet TRC-34:wet TRC-55:dry TRC-54:dry TRC-88:wet TRC-89:wet TRC-91:dry TRC-120:dry TRC-134:dry TRC-14:wet TRC-183:dry TRC-198:disable TRH-3:dry TRC-156:wet TRC-185:wet TRC-39:dry TRC-40:wet TRC-43:wet TRC-59:wet TRC-78:wet TRC-90:wet TRC-48:wet TRC-117:dry TRC-18: TRC-188:dry TRC-191:wet TRC-30:dry TRC-96:wet TRC-22:wet TRC-26:dry TRH-2:dry ] I0314 17:33:35.678738 978663 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets' I0314 17:33:35.679124 978663 cmdhandler.cpp:1326] Got GW command : 'host.sync.settings' 2024-03-14 17:33:35.683 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:35.684 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:35.686 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db 2024-03-14 17:33:35.688 INFO usecase/configmgr.go:66 [slkcndr] [Signatures Settings: TRC-103:disable TRC-109:dry TRC-173:wet TRC-49:wet TRC-116:dry TRC-135:dry TRC-180:wet TRC-43:wet TRC-91:dry TRC-107:dry TRC-138:wet TRC-153:wet TRC-184:disable TRC-279:wet TRC-82:disable TRC-156:wet TRC-57:wet ART-2:wet TRC-105: TRC-36:wet TRC-84:wet TRC-30:dry TRC-11:wet TRC-111:disable TRC-122:dry TRC-147:wet TRC-157:wet TRC-198:disable TRC-127:wet TRC-141:wet TRC-163:dry TRC-21:dry TRC-62:wet TRC-96:wet TRC-86:wet TRC-1:dry TRC-18: TRC-23:wet TRC-24:wet TRC-40:wet TRC-83:wet ART-6:wet TRC-100: TRC-102:disable TRC-16:dry TRC-74:wet TRC-97:dry TRC-129:wet TRC-2:wet TRC-89:wet TRC-99:dry TRC-78:wet ART-4:wet TRC-114:wet TRC-119:disable TRC-146:wet TRC-197:disable TRC-33:wet TRC-51:wet TRC-63:wet TRC-106:wet TRC-112:wet TRC-128:dry TRC-132:dry TRC-162:dry 
TRC-191:wet TRC-71:wet TRC-5:dry TRC-8:disable TRC-108:dry TRC-113:wet TRC-121:disable TRC-124:dry TRC-19:dry TRC-34:wet ART-7:wet ART-8:wet TRC-134:dry TRC-139:dry TRC-14:wet TRC-185:wet TRC-123:wet TRC-179:disable TRC-47:wet TRC-55:dry TRC-60:dry TRC-90:wet TRC-95:wet TRC-143:wet TRC-26:dry TRC-76:wet TRC-80:wet TRC-64:wet TRC-133:dry TRC-155:wet TRC-17:wet TRC-176:dry TRC-181:wet TRC-35:dry TRC-88:wet TRC-131:disable TRC-149:disable TRC-15:dry TRC-167:wet TRC-188:dry TRC-25:wet TRC-117:dry TRC-142: TRC-45:wet TRC-58:wet TRC-9:wet TRC-110:disable TRC-120:dry TRC-169:dry TRC-4:disable TRC-94:dry TRC-98:dry TRC-42:disable TRC-7:dry ART-3:wet TRC-136:dry TRC-140:wet TRC-170:dry TRC-183:dry TRC-278:wet TRC-67:wet TRH-1:dry ART-9:wet TRC-13:wet TRC-168:disable TRC-27:wet TRC-39:dry TRC-61:wet TRC-166:dry TRC-178:dry TRC-41:wet TRC-130:disable TRC-29:wet TRC-28:dry TRH-3:dry TRC-101:dry TRC-118:disable TRC-137:wet TRC-145:disable TRC-150:disable TRC-154:wet TRC-66:wet TRC-175:dry TRC-20:dry TRC-37:wet TRC-38:wet TRC-48:wet TRC-54:dry TRH-2:dry TRC-144:wet TRC-165:wet TRC-187:dry TRC-22:wet TRC-3:wet TRC-59:wet TRC-10:wet TRC-182:dry TRC-104:wet TRC-12:disable TRC-151:disable TRC-6:wet ART-1:wet TRC-115:dry TRC-148:disable TRC-177:wet ] I0314 17:33:35.691069 978663 sedockercmd.cpp:6453] Host forensics is disabled I0314 17:33:35.700521 978663 sedockercmd.cpp:6520] Container forensics is disabled 2024-03-14 17:33:35.705 INFO enforcersettings/enforcersettings.go:105 [slkcndr] Reloading Enforce Mode setting... 2024-03-14 17:33:35.705 INFO enforcersettings/enforcersettings.go:127 [slkcndr] Enforce Mode is enabled I0314 17:33:35.706270 978663 connectionmonitorservice.cpp:31] Registering a new monitoring event I0314 17:33:35.706992 978663 cmdhandler.cpp:1326] Got GW command : 'litesync.update.cache' I0314 17:33:35.710620 978663 asyncgethostimagesrecord.cpp:233] Lite Sync Finished. Synced: 30 images. 
I0314 17:33:35.710645 978366 workloadsmicroservice.cpp:893] Syncing Workloads Microservice (full sync is required). I0314 17:33:35.773470 978663 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets' [slkaudit] 2024/03/14 17:33:42 Trying to connect to GW via gRPC and address d0653fe853-gw.cloud.aquasec.com:443 I0314 17:33:47.882501 978663 gwgrpcclient.cpp:1168] Readiness probe status set to 'ready' 2024-03-14 17:33:50.415 INFO usecase/cloud.go:321 [slkcndr] Retrying unary method /cndrcloud.CndrCloud/ReportFindings after re-fetching jwt [slkaudit] 2024/03/14 17:33:52 Successfully connected to gateway via gRPC: AuditV2 2024-03-14 17:36:05.357 INFO eventsmanager/events.go:119 [slkcndr] [End of re-sending of events from database] 2024-03-14 17:36:05.357 INFO eventsmanager/audits.go:103 [slkcndr] [End of re-sending of audits from database] I0314 17:37:25.427950 978663 cmdhandler.cpp:1326] Got GW command : 'lite.repo.images.add' I0314 17:42:23.768491 978663 cmdhandler.cpp:1326] Got GW command : 'lite.repo.images.add'