kubectl logs -n aqua aqua-enforcer-ds-8glk2
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
Get mount info, cgroup path: '/host/sys/fs/cgroup/systemd', proc path: '/host/proc'
I0314 17:51:51.849514 2196206 seagent.cpp:327] Aqua Security 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:53:58
I0314 17:51:51.849644 2196206 miscfunc.cpp:930] Agent container id found: 1467250d7aa6231a62a4ad405bc85d0c480ab6bd79b6ca6b8d14ba0f0d44e4df
I0314 17:51:51.849670 2196206 seagent.cpp:1151] Container id: 1467250d7aa6231a62a4ad405bc85d0c480ab6bd79b6ca6b8d14ba0f0d44e4df
I0314 17:51:51.849694 2196206 seagent.cpp:1162] Installation directory: /var/lib/aquasec
I0314 17:51:51.849726 2196206 seagent.cpp:1186] Installation mode: service
I0314 17:51:51.855702 2196206 miscfunc.cpp:585] Get local hostIPs count is 3.
I0314 17:51:51.855844 2196206 server_unix.cpp:465] utls_net.c:729] Get physical IP, netpath=/host/sys/class/net, filesCount=24, rc=0
I0314 17:51:51.855945 2196206 server_unix.cpp:465] utls_net.c:755] Get physical IP, netpath=/host/sys/class/net, ifr_name=eth1 , ip=10.0.128.137
I0314 17:51:51.856060 2196206 server_unix.cpp:465] utls_net.c:755] Get physical IP, netpath=/host/sys/class/net, ifr_name=eth2 , ip=10.0.154.61
I0314 17:51:51.856118 2196206 server_unix.cpp:465] utls_net.c:755] Get physical IP, netpath=/host/sys/class/net, ifr_name=eth0 , ip=10.0.149.125
I0314 17:51:51.856177 2196206 miscfunc.cpp:627] Get physical hostIPs count is 3, inCont=true
I0314 17:51:51.870048 2196206 acldb.cpp:1676] Using Repo Images DB version no. 21
I0314 17:51:51.890762 2196206 seagent.cpp:10135] Core file pattern 'core '
I0314 17:51:51.890941 2196206 seagent.cpp:5437] Host id: Host name : ip-10-0-149-125.us-west-2.compute.internal Host short name : ip-10-0-149-125 Host IPs : '10.0.149.125' '10.0.128.137' '10.0.154.61' Host physical IP: '10.0.128.137' '10.0.154.61' '10.0.149.125' Host MAC : 02-30-82-41-0D-81
I0314 17:51:51.891157 2196206 seagent.cpp:1221] Host system: Pretty name : 'Amazon Linux 2' Short name : 'Amazon Linux' Id : 'amzn' Like : 'centos rhel fedora' Version : '2' Kernel : '5.10.209-198.858.amzn2.x86_64'
I0314 17:51:51.891436 2196206 preloadaux.cpp:1767] Get target fs type found fsname=/dev/nvme0n1p1 dir=/ type=xfs
I0314 17:51:51.891491 2196206 preloadaux.cpp:1660] V2. Find target FS dev major=259 minor=1 mnt_type=xfs rc=0 dev_path=/dev/nvme0n1p1
E0314 17:51:51.892853 2196206 server_unix.cpp:459] smsg_internal.c:51] Failed to find file '/opt/aquasec/messages/CUSTOM/aquamsg.txt'
I0314 17:51:51.892910 2196206 preloadaux.cpp:2050] calling init search dl paths
I0314 17:51:51.892935 2196206 preloadaux.cpp:2060] Search libdl in the paths: '/lib' '/lib64' '/lib/x86_64-linux-gnu/' '/lib64/x86_64-linux-gnu/' '/lib/i386-linux-gnu/'
I0314 17:51:51.892961 2196206 preloadaux.cpp:2075] Search libc library in the paths: '/lib' '/lib64' '/lib/x86_64-linux-gnu/' '/lib64/x86_64-linux-gnu/' '/lib/i386-linux-gnu/'
I0314 17:51:51.892984 2196206 seagent.cpp:872] done calling init search libraries paths
I0314 17:51:51.893039 2196206 seagent.cpp:904] Set environment 32 bit support is on
I0314 17:51:51.895084 2196206 seagent.cpp:4443] Using node name: ip-10-0-149-125.us-west-2.compute.internal
I0314 17:51:51.895213 2196206 seagent.cpp:3181] Risk explorer auto discovery is disabled
I0314 17:51:51.904582 2196206 seagent.cpp:4547] Lightning mode is enabled
I0314 17:51:51.906318 2196206 seagent.cpp:4638] Enforcer will not verify the peer's certificate, please set AQUA_TLS_VERIFY=true to enable certificate verification
I0314 17:51:51.906421 2196206 seagent.cpp:1280] Image service multi registries mode: enabled
I0314 17:51:51.906577 2196206 seagent.cpp:1874] Enforcer is running in OPEN mode.
I0314 17:51:51.906605 2196206 seagent.cpp:1462] Enforcer is running in 'Network' CLOSE mode.
I0314 17:51:51.916361 2196206 seagent.cpp:2442] DiscoverEngineSockets: found process name: kubelet pid: 3232 socket: unix:///run/containerd/containerd.sock
I0314 17:51:51.917150 2196206 seagent.cpp:2457] Found engine: containerd socket: 'unix:///run/containerd/containerd.sock'
I0314 17:51:51.917340 2196206 seagent.cpp:2342] Assuming containerd environment
I0314 17:51:51.918503 2196206 seagent.cpp:1571] Memory pressure is not configured. No Memory Cap is configured.
I0314 17:51:51.919466 2196206 udslite.cpp:30] Increasing socket buffer 'SO_RCVBUF' to 524288 bytes
I0314 17:51:51.919577 2196206 udslite.cpp:65] Increased 'SO_RCVBUF' to 1048576 bytes
I0314 17:51:51.919616 2196206 udslite.cpp:30] Increasing socket buffer 'SO_SNDBUF' to 524288 bytes
I0314 17:51:51.919636 2196206 udslite.cpp:65] Increased 'SO_SNDBUF' to 1048576 bytes
I0314 17:51:51.919823 2196206 seagent.cpp:2987] Setting CRI runtime endpoint to /run/containerd/containerd.sock
I0314 17:51:51.919857 2196206 seagent.cpp:1950] Running on Kubernetes node
I0314 17:51:52.013428 2196206 cloudvendor.cpp:394] VM cloud information: VM Cloud vendor : AWS VM Account : 867286930927 VM ID : i-0963ef0fa6ff4b293 VM Image ID : ami-0b07a2da5dd461a23 VM Location : us-west-2 VM Private ip(s) : 10.0.149.125 VM Security group(s) : eks-cluster-sg-eks-x86-us-west-2-1-28-blueprint-1740499191
I0314 17:51:55.277570 2196206 getbundlepath.cpp:255] Runc bundle prefix path='/run/containerd/io.containerd.runtime.v2.task/k8s.io' bundle suffix path='
I0314 17:51:55.279641 2196206 seagent.cpp:5602] Fanotify is supported.
I0314 17:51:55.279784 2196206 seagent.cpp:5622] Set runc_interception_mode fanotify.
I0314 17:51:55.284006 2199113 seagent.cpp:9791] Run PAM script '/var/lib/aquasec/config_pam_aquasec.sh'
I0314 17:51:55.646667 2196206 seagent.cpp:3044] CRI info: CRI server version : 1.7.11 CRI api version : v1
E0314 17:51:59.189145 2196206 cndrcmds.cpp:233] Could not notify about workloads contexts update: failed to connect to all addresses
W0314 17:51:59.189450 2196206 sedockercmd.cpp:2547] Container workloads have not been notified about their contexts
I0314 17:51:59.189680 2196206 seagent.cpp:1851] Secrets feature: enabled
I0314 17:51:59.190739 2196206 seagent.cpp:4696] Set environment variable 'SLKD_OSVERSION_ID=amzn
I0314 17:51:59.190771 2196206 seagent.cpp:4703] Set environment variable 'SLKD_OSVERSION_NUM=2
I0314 17:51:59.190796 2196206 seagent.cpp:4713] Set environment variable 'SLKD_PID=2196206
I0314 17:51:59.190822 2196206 seagent.cpp:4721] Set environment variable 'SLKD_CONTAINER_ID=1467250d7aa6231a62a4ad405bc85d0c480ab6bd79b6ca6b8d14ba0f0d44e4df
I0314 17:51:59.190848 2196206 seagent.cpp:4745] Set environment variable 'SLKD_AV_PROTECTION=true
I0314 17:51:59.190904 2196206 seagent.cpp:4784] Set environment variable 'SLKD_RUNTIME_ENGINE=containerd'
I0314 17:51:59.190955 2196206 seagent.cpp:4794] Set environment variable 'SLKD_RUNTIME_ENDPOINT=/run/containerd/containerd.sock'
I0314 17:51:59.191004 2196206 seagent.cpp:4814] Set environment variable 'SLKD_RUNC_FANOTIFY_INTERCEPTION=true'
I0314 17:51:59.191048 2196206 seagent.cpp:4824] Set environment variable 'SLKD_RUNC_BUNDLE_PREFIX=/run/containerd/io.containerd.runtime.v2.task/k8s.io'
I0314 17:51:59.191109 2196206 seagent.cpp:4844] Set environment variable 'SLKD_RUNC_PATH=/usr/sbin/runc'
I0314 17:51:59.191150 2196206 seagent.cpp:4854] Set environment variable 'SLKD_RUNC_ROOT_PATH=/run/containerd/runc/k8s.io/'
I0314 17:51:59.191193 2196206 seagent.cpp:4871] Set environment variable 'SLKD_CONTAINERIZED=true'
I0314 17:51:59.191218 2196206 seagent.cpp:4877] Set environment variable 'SLKD_EXEC_CACHE=true'
I0314 17:51:59.191238 2196206 seagent.cpp:4883] Set environment variable 'SLKD_INTERCEPTOR_FAILOPEN=false'
I0314 17:51:59.191262 2196206 seagent.cpp:4889] Set environment variable 'SLKD_INTERCEPTOR_INTERVAL_FAILOPEN=5'
I0314 17:51:59.191289 2196206 seagent.cpp:4903] Set environment variable 'SLKD_CRIAPI_V1=1
I0314 17:51:59.191314 2196206 seagent.cpp:4948] Set environment variable 'SLKD_PRIVILEGED=false'
I0314 17:51:59.192345 2196206 runcinterceptor.cpp:83] Using fanotify slkinterceptor-lite
I0314 17:51:59.192508 2200671 servicemodule.cpp:269] Attempting start slkd-hostproc
I0314 17:51:59.194305 2200672 forkmanager.cpp:62] Forked slkhostproc process with id: 2200672
[slkhostproc] 2024/03/14 17:51:59 slkhostproc version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkhostproc] 2024/03/14 17:51:59 grpc server socket is : /var/lib/aquasec/audit/slkhostproc.sock
I0314 17:52:00.193317 2200679 servicemodule.cpp:269] Attempting start slkd-audit
I0314 17:52:00.195055 2200680 forkmanager.cpp:62] Forked slkaudit process with id: 2200680
[slkaudit] 2024/03/14 17:52:00 slkaudit version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
I0314 17:52:01.194698 2200723 servicemodule.cpp:269] Attempting start slkcndr
I0314 17:52:01.195400 2200724 forkmanager.cpp:62] Forked slkcndr process with id: 2200724
2024-03-14 17:52:01.217 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:01.219 INFO app/app.go:122 [slkcndr] Using address d0653fe853-gw.cloud.aquasec.com:443
2024-03-14 17:52:01.220 INFO usecase/cloud.go:210 [slkcndr] Connection established with remote server d0653fe853-gw.cloud.aquasec.com:443
2024-03-14 17:52:01.221 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:01.224 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:01.226 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:01.227 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-9
2024-03-14 17:52:01.227 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-167
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-90
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-99
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-17
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-185
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-23
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-37
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-134
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-157
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-27
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-5
2024-03-14 17:52:01.228 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-97
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-115
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-80
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-48
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-11
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-112
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-127
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-33
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-36
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-66
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-61
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-104
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-181
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-35
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-40
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-116
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-135
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-153
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-183
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-3
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-143
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-20
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-45
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-60
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-25
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-76
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRH-3
2024-03-14 17:52:01.229 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-108
2024-03-14 17:52:01.234 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-55
2024-03-14 17:52:01.235 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-63
2024-03-14 17:52:01.235 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-94
2024-03-14 17:52:01.235 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-114
2024-03-14 17:52:01.235 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-128
2024-03-14 17:52:01.235 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-175
2024-03-14 17:52:01.235 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-180
2024-03-14 17:52:01.235 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-47
2024-03-14 17:52:01.235 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-106
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-166
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-101
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-163
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-4
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-57
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-14
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-173
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-7
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-13
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-156
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-162
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-191
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-71
2024-03-14 17:52:01.236 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-38
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-54
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-67
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-51
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-113
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-133
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-177
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-39
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-41
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-96
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRH-2
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-137
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-155
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-187
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-84
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-141
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-165
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-30
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-64
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-122
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-178
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-6
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-62
2024-03-14 17:52:01.237 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-139
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-146
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-154
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-22
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-7
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-109
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-132
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-147
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-176
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-78
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRH-1
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-43
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-140
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-169
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-34
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-74
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-9
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-98
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-120
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-138
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-3
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-89
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-2
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-6
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-123
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-129
2024-03-14 17:52:01.238 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-16
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-83
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-170
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-188
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-24
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-91
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-8
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-107
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-2
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-26
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-95
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-59
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-144
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-15
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-19
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-21
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-28
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-29
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-88
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id ART-1
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-1
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-10
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-182
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-49
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-58
2024-03-14 17:52:01.239 INFO usecase/configmgr.go:314 [slkcndr] Successfully loaded signature with id TRC-86
2024-03-14 17:52:01.239 INFO eventsmanager/eventsmanager.go:227 [slkcndr] [Starting Events Manager...]
2024-03-14 17:52:01.239 INFO db/db.go:28 [slkcndr] Opening database file /data/cndr_events.db
2024-03-14 17:52:01.240 INFO eventsmanager/audits.go:87 [slkcndr] [Starting re-sending of audits from database...]
2024-03-14 17:52:01.240 INFO workloads/manager.go:138 [slkcndr] [Workloads Manager] Attempting Connection to gRPCServer.
2024-03-14 17:52:01.240 INFO eventsmanager/events.go:92 [slkcndr] [Starting re-sending of events from database...]
I0314 17:52:02.197628 2196206 runcinterceptor.cpp:53] Behavioral Engine with express mode only is on, therefore module is not activated
[slkaudit] 2024/03/14 17:52:02 Trying to connect to GW via gRPC and address d0653fe853-gw.cloud.aquasec.com:443
I0314 17:52:03.198798 2201265 servicemodule.cpp:269] Attempting start slkd-ocicfg
I0314 17:52:03.200562 2201266 forkmanager.cpp:62] Forked slkocicfg process with id: 2201266
[slkocicfg] 2024/03/14 17:52:03 slkocicfg version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkocicfg] 2024/03/14 17:52:03 CRI API v1 version is supported? true
[slkocicfg] 2024/03/14 17:52:03 Runtime Endpoint socket is : /run/containerd/containerd.sock, engine is: containerd
[slkocicfg] 2024/03/14 17:52:03 containerd version is : 1.7.11
I0314 17:52:04.200067 2196206 pkgquerymodule.cpp:71] Behavioral Engine with express mode only is on, therefore module is not activated
I0314 17:52:05.201292 2201345 servicemodule.cpp:269] Attempting start slkd-scan
I0314 17:52:05.203055 2201346 forkmanager.cpp:62] Forked slkscan process with id: 2201346
[slkscan] 2024/03/14 17:52:05 slkscan version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkscan] 2024/03/14 17:52:05 Starting Server....
[slkscan] 2024/03/14 17:52:05 Starting Scan Manager ....
[slkscan] 2024/03/14 17:52:05 Starting Host Assurance Manager ....
[slkscan] 2024/03/14 17:52:05 Intializing scanners ....
[slkscan] 2024/03/14 17:52:05 Intializing scanner ....
[slkscan] 2024/03/14 17:52:05 Intializing scanner ....
[slkscan] 2024/03/14 17:52:05 Intializing scanner ....
[slkscan] 2024/03/14 17:52:05 Intializing scanner ....
[slkscan] 2024/03/14 17:52:05 Intializing scanner ....
I0314 17:52:06.202394 2201401 servicemodule.cpp:269] Attempting start HostSecModule
I0314 17:52:06.204227 2201402 forkmanager.cpp:62] Forked slkhostsecd process with id: 2201402
I0314 17:52:06.236407 2201402 procsmap.cpp:182] check system 'CONFIG_PROC_EVENTS' returned 'e'
I0314 17:52:06.238186 2201402 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:06.243227 2201402 slkhostsecd.cpp:164] fanotify is supported
I0314 17:52:06.243275 2201402 filenotify.cpp:255] slkhostsecd is running in container, db path '/var/lib/aquasec/data'
I0314 17:52:06.243326 2201402 filenotify.cpp:1665] Package manager detected. path: /var/lib/rpm
I0314 17:52:06.243356 2201402 filenotify.cpp:278] Capability CAP_LINUX_IMMUTABLE is not supported, blocked files may be deleted
E0314 17:52:06.417480 2201403 cndrcmds.cpp:233] Could not notify about workloads contexts update: failed to connect to all addresses
W0314 17:52:06.417724 2201403 sedockercmd.cpp:8363] Workload '__HOST__' has not been notified about its context
I0314 17:52:06.417954 2201415 slkhostsecd.cpp:1035] User activity trace enable ok.
E0314 17:52:06.420310 2201403 sedockerav.cpp:37] Failed to connect to /opt/aquasec/audit/slkavd.sock, error: Connection refused
I0314 17:52:07.206918 2201429 servicemodule.cpp:269] Attempting start Avdmodule
I0314 17:52:07.207688 2201430 forkmanager.cpp:62] Forked slkavd process with id: 2201430
I0314 17:52:07.222347 2201430 slkavd.cpp:170] Set environment variable AQUA_PROXYLITE_USE_MAX_CORES=true
I0314 17:52:07.222409 2201430 slkavd.cpp:714] Using scan engine Avira
I0314 17:52:07.223378 2201430 aviraengine.cpp:704] SAVAPI version 4.15.16.62
I0314 17:52:07.224337 2201430 slkavd.cpp:238] slkavd is running in container, db path '/var/lib/aquasec/data'
I0314 17:52:07.239305 2201430 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 4 max:8
I0314 17:52:07.265419 2201430 slkavd.cpp:1509] Enabling host antivirus.
I0314 17:52:08.207971 2196206 livenessmodule.cpp:64] livenessProbe is enabled
I0314 17:52:08.208120 2201680 servicemodule.cpp:269] Attempting start slk-healthz
I0314 17:52:08.210253 2201681 forkmanager.cpp:62] Forked slkhealthz process with id: 2201681
I0314 17:52:09.209045 2196206 definitions.hpp:145] Health probe is supported in this environment
I0314 17:52:09.209355 2201688 servicemodule.cpp:269] Attempting start slkd-healthprobe
I0314 17:52:09.211369 2201689 forkmanager.cpp:62] Forked health-probe process with id: 2201689
I0314 17:52:09.212745 2201689 healthprobe.cpp:51] Created health probe config json file '/opt/aquasec/tmp/health/config.json'
I0314 17:52:09.213039 2201689 healthconfigloader.cpp:55] No change in health probe configuration - nothing to do
I0314 17:52:09.214231 2201689 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:09.227134 2201689 enginemanagerimpl.cpp:241] Cron task started.
I0314 17:52:09.227197 2201689 modulehealthcontroller.cpp:58] Successfully created channel to slkd-grpcserver. E2E Sanity Check initiated
I0314 17:52:10.210171 2201711 servicemodule.cpp:269] Attempting start slkd-logcollector
I0314 17:52:10.216112 2201712 forkmanager.cpp:62] Forked log-collector process with id: 2201712
I0314 17:52:10.218624 2201712 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:11.210564 2196206 netfiltermodule.cpp:48] Behavioral Engine with express mode only is on, therefore module is not activated
[slkhealthz] 2024/03/14 17:52:11 slkhealthz version 2022.4.460.38245 commit d391df84f2 compiled Dec 11 2023 13:54:07
[slkhealthz] 2024/03/14 17:52:11 Health & Readiness monitors start listen to 0.0.0.0:8096
I0314 17:52:12.054359 2201430 aviraengine.cpp:374] Successfully merged xVDF files
[slkaudit] 2024/03/14 17:52:12 Successfully connected to gateway via gRPC: AuditV2
I0314 17:52:13.214488 2201742 servicemodule.cpp:269] Attempting start slkd-watchdog
I0314 17:52:13.216604 2201743 forkmanager.cpp:62] Forked Watchdog process with id: 2201743
I0314 17:52:14.224124 2201744 servicemodule.cpp:269] Attempting start slkd-workloads-microservice
I0314 17:52:14.230819 2201745 forkmanager.cpp:62] Forked slkd-workloads-microservice process with id: 2201745
I0314 17:52:14.232131 2201745 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:14.240146 2201745 workloadsgrpchandler.cpp:50] Workloads audit gRPC server listening at unix:///opt/aquasec/audit/workloadsauditservice.sock
I0314 17:52:14.240386 2201745 enginemanagerimpl.cpp:241] Cron task started.
I0314 17:52:14.256047 2201745 workloadsmicroservice.cpp:268] Initialized workloads microservice.
I0314 17:52:15.225064 2201786 servicemodule.cpp:269] Attempting start slkd-secrets-vault
I0314 17:52:15.227350 2201787 forkmanager.cpp:62] Forked slkd-secrets-vault process with id: 2201787
I0314 17:52:15.229980 2201787 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:15.242784 2201787 enginemanagerimpl.cpp:241] Cron task started.
I0314 17:52:15.243041 2201787 secretsvaultmicroservice.cpp:78] Initialized secrets vault microservice.
I0314 17:52:16.225715 2201837 servicemodule.cpp:269] Attempting start slkd-grpcserver
I0314 17:52:16.227779 2201838 forkmanager.cpp:62] Forked GRPCServer process with id: 2201838
I0314 17:52:16.230393 2201838 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:16.253266 2201849 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
I0314 17:52:16.255057 2201838 enginemanagerimpl.cpp:241] Cron task started.
I0314 17:52:16.267410 2201838 grpcserver.cpp:309] Server listening on unix:///opt/aquasec/audit/slkgrpc.sock
I0314 17:52:17.176519 2201430 aviraengine.cpp:298] SAVAPI initialized: Version : VDF version 8.20.19.244 AVE version 8.3.66.62 expire date 20240401 Signatures: 7001759
I0314 17:52:17.182315 2201430 feedengine.cpp:97] Custom malware feed signatures count 0
I0314 17:52:17.182595 2201430 slkavd.cpp:1551] Enabling container antivirus.
I0314 17:52:17.184785 2201430 enginemanagerimpl.cpp:241] Cron task started.
2024-03-14 17:52:17.625 INFO workloads/manager.go:145 [slkcndr] [Workloads Manager] Successfully connected to gRPCServer.
2024-03-14 17:52:17.625 INFO workloads/manager.go:153 [slkcndr] [Workloads Manager] Starting in 'VM & Containers' protection mode
2024-03-14 17:52:17.626 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:17.657 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:17.834 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:17.836 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:17.838 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:17.851 INFO usecase/usecase.go:125 [slkcndr] perf buffer size set to 1024
I0314 17:52:18.226433 2201881 servicemodule.cpp:269] Attempting start slkd-events
I0314 17:52:18.228518 2201882 forkmanager.cpp:62] Forked ContainerdEvtClient process with id: 2201882
I0314 17:52:18.230791 2201882 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:18.243598 2201893 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
I0314 17:52:19.233338 2201902 servicemodule.cpp:269] Attempting start slkd-events
I0314 17:52:19.246387 2201903 forkmanager.cpp:62] Forked CriEvtClient process with id: 2201903
I0314 17:52:19.248543 2201903 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:19.261874 2201914 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
2024-03-14 17:52:19.749 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:19.750 INFO enforcersettings/enforcersettings.go:127 [slkcndr] CNDR Telemetry is enabled
2024-03-14 17:52:19.751 INFO enforcersettings/enforcersettings.go:127 [slkcndr] Enforce Mode is enabled
2024-03-14 17:52:19.751 INFO usecase/usecase.go:261 [slkcndr] Waiting for the signature to be loaded into Tracee rules engine...
2024-03-14 17:52:19.751 INFO usecase/usecase.go:263 [slkcndr] Signatures are loaded successfully into Tracee rules engine. Starting Tracee eBPF engine...
I0314 17:52:22.231045 2196206 pkgwatcher.cpp:146] Behavioral Engine with express mode only is on, therefore module is not activated
I0314 17:52:23.232224 2202055 servicemodule.cpp:269] Attempting start slkd-scheduler
I0314 17:52:23.234395 2202056 forkmanager.cpp:62] Forked slkd-scheduler process with id: 2202056
I0314 17:52:23.236505 2202056 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:23.248852 2202067 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
I0314 17:52:24.233594 2196206 server_unix.cpp:115] /opt/aquasec/slkd started in container
I0314 17:52:28.237660 2202194 gwclientmodule.cpp:357] Started GW client process 2202194
I0314 17:52:28.243301 2202194 enginemanagerimpl.cpp:423] EngineManagerImpl::init_workers: 2 max:8
I0314 17:52:28.254796 2202194 proxyserver.cpp:37] Server listenning on unix:///opt/aquasec/audit/proxyserver.sock
I0314 17:52:28.254889 2202194 cmdhandler.cpp:144] Eagle monitor enabled=false
I0314 17:52:28.275036 2202210 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
I0314 17:52:28.276890 2202194 grpcchannel.cpp:1238] Timeout for authentication request will range between 300 and 600 seconds
I0314 17:52:28.276957 2202194 grpcchannel.cpp:1241] Interval between authentication requests will range between 10 and 20 seconds
I0314 17:52:28.277837 2202194 grpcchannel.cpp:1026] Initiating a secure connection to a GW on address: 'd0653fe853-gw.cloud.aquasec.com:443' (timeout: 20 seconds)
I0314 17:52:28.279448 2202217 enginemanagerimpl.cpp:79] Started Async Completion Queue thread.
I0314 17:52:28.594650 2202194 grpcchannel.cpp:1035] Established a secure channel to GW 'd0653fe853-gw.cloud.aquasec.com:443'
I0314 17:52:28.594843 2202194 grpcchannel.cpp:609] Enforcer is reopening push notification channel
I0314 17:52:28.600863 2202194 grpcchannel.cpp:797] Enforcer is authenticating with Gateway (timeout: 367 seconds)
I0314 17:52:28.676963 2202194 gwgrpcclient.cpp:375] Successfully registered in GW aqua-gateway-csp-8569b966f4-6xlm5_gateway (2402.8.22)
I0314 17:52:28.678239 2202194 gwgrpcclient.cpp:391] Using protocol version 1.3
I0314 17:52:28.678288 2202194 gwgrpcclient.cpp:400] Workloads full sync is required
I0314 17:52:28.680857 2202194 grpcchannel.cpp:628] Successfully established a secure channel to Gateway 'd0653fe853-gw.cloud.aquasec.com:443'
I0314 17:52:28.681082 2202194 imageservice.cpp:44] Enabled multiple registries mode
I0314 17:52:28.681140 2202194 readiness.cpp:21] readinessProbe is enabled
I0314 17:52:28.681612 2202194 gwclientgrpchandler.cpp:38] GwClient gRPC handle listening at unix:///opt/aquasec/audit/gwclientgrpchandler.sock
I0314 17:52:28.686635 2202194 gwgrpcclient.cpp:624] Sending registration info (host.connect)
I0314 17:52:28.686753 2202194 gwgrpcclient.cpp:629] New GW Client Session ID: 1
I0314 17:52:28.770191 2202200 cmdhandler.cpp:1326] Got GW command : 'host.sync.global.settings'
I0314 17:52:28.999002 2202217 asynchostimagelist.cpp:148] Synced Host Images with the GW.
I0314 17:52:28.999840 2202217 acldb_image.cpp:458] Enforcer cleaned up Repo Images table successfully
I0314 17:52:29.253666 2201747 workloadsmicroservice.cpp:486] Workloads Microservice succesfully connected
I0314 17:52:29.254354 2201747 workloadsmicroservice.cpp:543] Triggered connection monitor for workloads microservice.
I0314 17:52:31.887244 2202200 sedockercmd.cpp:6076] SeAgent::SetLightningMode: enable = true
I0314 17:52:31.890769 2202200 cmdhandler.cpp:1326] Got GW command : 'host.sync.messages'
I0314 17:52:31.900265 2202200 cmdhandler.cpp:1326] Got GW command : 'host.sync.policies'
I0314 17:52:32.526666 2202200 cmdhandler.cpp:4124] Send netfilter update_end
I0314 17:52:32.529358 2202200 cmdhandler.cpp:1326] Got GW command : 'analyzer.scan'
I0314 17:52:32.529654 2202200 cmdhandler.cpp:1326] Got GW command : 'host.malware.scan'
[slkscan] 2024/03/14 17:52:32 Starting host scan
I0314 17:52:32.531297 2202200 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets'
I0314 17:52:32.535826 2202320 ondemandscan.cpp:328] Start malware filesystem scan policy Default
I0314 17:52:32.537446 2202321 ondemandscan.cpp:328] Start malware filesystem scan policy Malware-Default-Policy
I0314 17:52:32.543170 2202200 cmdhandler.cpp:1326] Got GW command : 'network.cryptoblacklist.start'
[slkscan] 2024/03/14 17:52:32 Scan command args: [--root / --host --packages --outfile /var/lib/aquasec/tmp/analyzer_aTSQXdmQ.json --exclude-paths /var/lib/containers;/run/containerd;/var/run/containers;/var/lib/docker;/var/lib/containerd;/sysroot/ostree/deploy/rhcos//var/lib/containers;/sysroot/ostree/deploy/rhcos//run/containerd;/sysroot/ostree/deploy/rhcos//var/run/containers;/sysroot/ostree/deploy/rhcos//var/lib/docker;/sysroot/ostree/deploy/rhcos//var/lib/containerd;/var/lib/nfs/rpc_pipefs]
I0314 17:52:32.601081 2202200 cmdhandler.cpp:1326] Got GW command : 'network.cryptoblacklist'
I0314 17:52:32.651005 2202200 cmdhandler.cpp:1326] Got GW command : 'network.cryptoblacklist.end'
2024-03-14 17:52:32.652 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
I0314 17:52:32.669907 2202200 cmdhandler.cpp:1326] Got GW command : 'host.sync.global.settings'
E0314 17:52:35.243841 2201788 gw_client.clientservice.proxylite.pb.cc:506] Timeout exceeded for rpc: (call id 1 procedure id 2) Service name GwClient
E0314 17:52:35.243934 2201788 secretsvaultmicroservice.cpp:208] Failed to get secrets from GWClient
I0314 17:52:36.211795 2202200 sedockercmd.cpp:6076] SeAgent::SetLightningMode: enable = true
I0314 17:52:36.214253 2202200 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist.start'
I0314 17:52:36.268110 2202200 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist'
I0314 17:52:36.324091 2202200 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist'
I0314 17:52:36.381772 2202200 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist'
I0314 17:52:36.385957 2202200 cmdhandler.cpp:1326] Got GW command : 'network.dnsblacklist.end'
2024-03-14 17:52:36.386 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
I0314 17:52:36.422158 2202200 cmdhandler.cpp:1326] Got GW command : 'cndr.config'
2024-03-14 17:52:36.424 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:36.426 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:36.427 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:36.428 INFO usecase/configmgr.go:66 [slkcndr] [Signatures Settings: ART-1:wet TRC-133:dry TRC-141:wet TRC-176:dry TRC-25:wet TRC-61:wet TRC-99:dry ART-2:wet TRC-150:disable TRC-183:dry TRC-84:wet TRC-91:dry TRC-106:wet TRC-123:wet TRC-181:wet TRC-54:dry TRC-8:disable TRC-96:wet TRC-27:wet TRC-113:wet TRC-137:wet TRC-146:wet TRC-173:wet TRC-188:dry TRC-198:disable TRC-2:wet TRC-278:wet TRC-3:wet TRC-9:wet TRC-94:dry TRC-97:dry TRC-98:dry TRC-105: TRC-22:wet TRC-88:wet ART-8:wet TRC-33:wet TRC-59:wet TRC-130:disable TRC-136:dry TRC-57:wet TRC-60:dry TRC-66:wet ART-3:wet TRC-103:disable TRC-104:wet TRC-58:wet TRC-121:disable TRC-148:disable TRC-7:dry ART-6:wet TRC-109:dry TRC-162:dry TRC-187:dry TRC-23:wet TRC-48:wet TRC-63:wet TRH-2:dry TRC-139:dry TRC-177:wet TRC-178:dry TRC-19:dry TRC-47:wet TRC-108:dry TRC-13:wet TRC-170:dry TRC-36:wet TRC-5:dry TRC-117:dry TRC-134:dry TRC-18: TRC-184:disable TRC-67:wet TRC-132:dry TRC-166:dry TRC-168:disable TRC-26:dry TRC-102:disable TRC-116:dry TRC-131:disable TRC-154:wet TRC-86:wet TRC-112:wet TRC-182:dry TRC-197:disable TRC-42:disable TRC-78:wet TRC-127:wet TRC-145:disable TRC-147:wet TRC-153:wet TRC-163:dry TRC-17:wet TRC-49:wet TRC-83:wet TRC-89:wet ART-9:wet TRC-12:disable TRC-122:dry TRC-40:wet TRC-76:wet TRC-80:wet TRC-128:dry TRC-129:wet TRC-165:wet TRC-180:wet TRC-30:dry TRC-62:wet TRC-135:dry TRC-138:wet TRC-15:dry TRC-167:wet TRC-34:wet TRC-37:wet TRC-71:wet TRC-143:wet TRC-38:wet TRC-64:wet TRC-90:wet TRC-119:disable TRC-175:dry TRC-41:wet TRH-3:dry ART-4:wet TRC-115:dry TRC-169:dry TRC-191:wet TRC-24:wet TRC-279:wet TRC-74:wet TRC-111:disable TRC-21:dry TRC-51:wet TRC-11:wet TRC-124:dry TRC-157:wet TRC-16:dry TRC-28:dry TRC-4:disable TRC-100: TRC-110:disable TRC-156:wet TRC-95:wet TRH-1:dry TRC-118:disable TRC-142: TRC-144:wet TRC-35:dry TRC-39:dry TRC-1:dry TRC-120:dry TRC-149:disable TRC-151:disable TRC-101:dry TRC-14:wet TRC-82:disable ART-7:wet TRC-107:dry TRC-140:wet TRC-179:disable TRC-185:wet TRC-20:dry TRC-6:wet TRC-114:wet TRC-29:wet TRC-55:dry TRC-10:wet TRC-155:wet TRC-43:wet TRC-45:wet ]
I0314 17:52:36.430490 2202200 cmdhandler.cpp:1326] Got GW command : 'host.sync.malwareupdate'
I0314 17:52:36.433531 2202200 cmdhandler.cpp:1326] Got GW command : 'network.ipblacklist.start'
I0314 17:52:36.464143 2202200 cmdhandler.cpp:1326] Got GW command : 'network.ipblacklist'
I0314 17:52:36.519644 2202200 cmdhandler.cpp:1326] Got GW command : 'network.ipblacklist'
I0314 17:52:36.528252 2202200 cmdhandler.cpp:1326] Got GW command : 'network.ipblacklist.end'
2024-03-14 17:52:36.528 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
I0314 17:52:36.554628 2202200 cmdhandler.cpp:1326] Got GW command : 'host.sync.settings'
2024-03-14 17:52:36.557 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:36.559 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:36.560 INFO db/db.go:28 [slkcndr] Opening database file /data/acl.db
2024-03-14 17:52:36.562 INFO usecase/configmgr.go:66 [slkcndr] [Signatures Settings: TRC-132:dry TRC-15:dry TRC-178:dry TRC-41:wet TRC-62:wet TRC-90:wet TRC-12:disable TRC-166:dry TRC-175:dry TRC-179:disable TRC-191:wet TRC-197:disable TRC-47:wet TRC-122:dry TRC-169:dry TRC-30:dry TRC-35:dry TRC-45:wet TRC-113:wet TRC-131:disable TRC-133:dry TRC-143:wet TRC-57:wet TRC-103:disable TRC-111:disable TRC-137:wet TRC-157:wet TRC-21:dry TRC-42:disable TRC-6:wet TRC-123:wet TRC-184:disable TRC-89:wet TRC-91:dry TRC-94:dry TRC-119:disable TRC-155:wet TRC-23:wet TRC-39:dry TRC-43:wet TRC-80:wet ART-7:wet TRC-154:wet TRC-17:wet TRC-5:dry TRC-82:disable ART-1:wet ART-3:wet ART-4:wet TRC-105: TRC-106:wet TRC-116:dry TRC-120:dry TRC-162:dry TRC-25:wet TRC-33:wet TRC-48:wet TRC-83:wet ART-6:wet TRC-124:dry TRC-130:disable TRC-135:dry TRC-24:wet TRC-59:wet TRC-95:wet TRC-150:disable TRC-176:dry TRC-99:dry TRC-27:wet TRC-98:dry ART-2:wet TRC-182:dry TRC-38:wet TRC-7:dry TRC-102:disable TRC-110:disable TRC-141:wet TRC-167:wet TRC-180:wet TRC-185:wet TRC-19:dry TRC-64:wet TRC-144:wet TRC-146:wet TRC-183:dry TRC-107:dry TRC-117:dry TRC-78:wet TRC-115:dry TRC-173:wet TRC-18: TRC-49:wet TRC-61:wet TRC-129:wet TRC-138:wet TRC-187:dry TRC-8:disable TRC-3:wet TRC-4:disable TRC-109:dry TRC-147:wet TRC-28:dry TRC-37:wet TRC-54:dry TRC-9:wet TRC-104:wet TRC-11:wet TRC-188:dry TRC-278:wet TRC-29:wet TRC-58:wet TRC-86:wet TRC-134:dry TRC-140:wet TRH-2:dry TRC-101:dry TRC-14:wet TRC-142: TRC-153:wet TRC-16:dry TRC-279:wet TRC-74:wet TRC-112:wet TRC-114:wet TRC-26:dry TRC-51:wet TRC-67:wet TRC-148:disable ART-9:wet TRC-1:dry TRC-10:wet TRC-108:dry TRC-139:dry TRC-2:wet TRC-34:wet TRC-63:wet TRC-76:wet TRC-100: TRC-13:wet TRC-136:dry TRC-145:disable TRC-156:wet TRC-170:dry TRC-198:disable TRC-88:wet TRC-97:dry TRC-127:wet TRC-128:dry TRC-165:wet TRC-20:dry TRC-22:wet ART-8:wet TRC-149:disable TRC-84:wet TRC-121:disable TRC-151:disable TRC-163:dry TRC-168:disable TRC-181:wet TRC-36:wet TRC-60:dry TRC-66:wet TRH-1:dry TRH-3:dry TRC-118:disable TRC-40:wet TRC-55:dry TRC-96:wet TRC-177:wet TRC-71:wet ]
I0314 17:52:36.564322 2202200 sedockercmd.cpp:6453] Host forensics is disabled
I0314 17:52:36.573635 2202200 sedockercmd.cpp:6520] Container forensics is disabled
2024-03-14 17:52:36.580 INFO enforcersettings/enforcersettings.go:105 [slkcndr] Reloading Enforce Mode setting...
2024-03-14 17:52:36.580 INFO enforcersettings/enforcersettings.go:127 [slkcndr] Enforce Mode is enabled
I0314 17:52:36.581373 2202200 connectionmonitorservice.cpp:31] Registering a new monitoring event
E0314 17:52:36.581869 2201793 rpcclientparser.proxylite.pb.cc:429] Not found call id 1
E0314 17:52:36.581910 2201793 rpcclientconnectionimpl.cpp:401] Failed handle client rpc
I0314 17:52:36.582082 2202200 cmdhandler.cpp:1326] Got GW command : 'litesync.update.cache'
I0314 17:52:36.585817 2202200 asyncgethostimagesrecord.cpp:233] Lite Sync Finished. Synced: 37 images.
I0314 17:52:36.585873 2201748 workloadsmicroservice.cpp:893] Syncing Workloads Microservice (full sync is required).
I0314 17:52:36.641868 2202200 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets'
[slkaudit] 2024/03/14 17:52:38 Trying to connect to GW via gRPC and address d0653fe853-gw.cloud.aquasec.com:443
I0314 17:52:40.304777 2202200 cmdhandler.cpp:1326] Got GW command : 'host.sync.secrets'
2024-03-14 17:52:41.881 INFO usecase/local.go:143 [slkcndr] Succeeded to create a local connection to gwclient
I0314 17:52:43.687649 2202200 gwgrpcclient.cpp:1168] Readiness probe status set to 'ready'
I0314 17:52:44.485431 2201864 enginemanagerimpl.cpp:241] Cron task started.
2024-03-14 17:52:46.303 INFO usecase/cloud.go:321 [slkcndr] Retrying unary method /cndrcloud.CndrCloud/ReportFindings after re-fetching jwt
[slkaudit] 2024/03/14 17:52:48 Successfully connected to gateway via gRPC: AuditV2
2024-03-14 17:55:04.256 INFO eventsmanager/audits.go:103 [slkcndr] [End of re-sending of audits from database]
2024-03-14 17:55:04.341 INFO eventsmanager/events.go:119 [slkcndr] [End of re-sending of events from database]
I0314 17:57:14.324735 2201748 workloadsmicroservice.cpp:855] Syncing 1 'container exit' events
I0314 17:57:20.644624 2202200 cmdhandler.cpp:1326] Got GW command : 'lite.repo.images.add'
I0314 17:57:20.651896 2202200 cmdhandler.cpp:1326] Got GW command : 'disallow.lite.images.add'
I0314 17:57:23.619565 2202056 avupdatemanager.cpp:207] Starting AV Malware Update...
I0314 17:57:32.040758 2202056 avupdatemanager.cpp:328] Detected an AV license update. Trying to use it during the AV update
I0314 17:57:32.040813 2202056 avupdatemanager.cpp:600] Creating a backup of the local AV license file
[slkhostproc] 2024/03/14 17:57:32 Command mv ran successfully
I0314 17:57:32.044399 2202056 avupdatemanager.cpp:627] Replacing the old AV license file with a new one
[slkhostproc] 2024/03/14 17:57:32 Command cp ran successfully
I0314 17:57:32.047917 2202056 avupdatemanager.cpp:714] Successfully replaced the local AV license file with an updated one
I0314 17:57:32.048405 2202056 avupdatemanager.cpp:1541] Malware update command: /var/lib/aquasec/av/data/avupdate.bin
I0314 17:57:32.048506 2202056 avupdatemanager.cpp:1542] Malware update args: '--no-config' '--force-update' '--master-file=/idx/master.idx' '--key-dir=/var/lib/aquasec/av/data' '--install-dir=/var/lib/aquasec/av/data' '--update-modules-list=VDF,AVE2' '--product-file=/idx/savapi4lib-linux64-en.info.gz' '--internet-srvs=/var/lib/aquasec/tmp/malware_updates/20240314_1550/avira-malware' '--log=/var/lib/aquasec/tmp/avupdate.log' '--check-product' '--quiet'
I0314 17:57:34.715610 2202200 cmdhandler.cpp:1326] Got GW command : 'lite.repo.images.add'
[slkhostproc] 2024/03/14 17:57:51 Command /var/lib/aquasec/av/data/avupdate.bin ran successfully
I0314 17:57:51.078035 2202056 avupdatemanager.cpp:412] Successfully updated AV license during the AV update process
I0314 17:57:51.078101 2202056 avupdatemanager.cpp:447] Removing the backed-up AV license file
[slkhostproc] 2024/03/14 17:57:51 Command rm ran successfully
I0314 17:57:51.121783 2202056 avupdatemanager.cpp:534] AV Malware Update finished successfully