updated symbolic link events
Asif Ali committed Apr 3, 2022
1 parent 9162922 commit 7b7d325
Showing 2 changed files with 35 additions and 9 deletions.
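--- a/KubeArmor/monitor/hostLogUpdate.go
+++ b/KubeArmor/monitor/hostLogUpdate.go
@@ -28,6 +28,29 @@ func (mon *SystemMonitor) UpdateHostLogs() {
 log := mon.BuildLogBase(msg)
 
 switch msg.ContextSys.EventID {
+
+case Sys_link, Sys_unlink, Sys_symlink, Sys_readlink:
+{
+
+if len(msg.ContextArgs) != 2 {
+continue
+}
+
+var fileName string
+var fileOpenFlags string
+
+if val, ok := msg.ContextArgs[0].(string); ok {
+fileName = val
+}
+if val, ok := msg.ContextArgs[1].(string); ok {
+fileOpenFlags = val
+}
+
+log.Operation = "Symbolic Link"
+log.Resource = fileName
+log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID)) + " flags=" + fileOpenFlags
+
+}
 case SysOpen:
 if len(msg.ContextArgs) != 2 {
 continue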
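Review bot: The new case records all four syscalls as `log.Operation = "Symbolic Link"` and prints the second argument as `flags=`, but link and unlink are not symlink operations, and for link and symlink the second argument is a path rather than open flags. Anyone filtering host logs on Operation or parsing Data will misread hard-link creation and file deletion. The `len(msg.ContextArgs) != 2` guard also `continue`s silently; unlink takes a single path argument, so if the probe sends only one argument for it (not visible here) those events are dropped without a trace. Consider deriving the operation from the syscall and naming the key for what it holds, e.g. `log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID)) + " target=" + secondArg`. UpdateHostLogs starts and continues outside this hunk.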
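--- a/KubeArmor/monitor/systemMonitor.go
+++ b/KubeArmor/monitor/systemMonitor.go
@@ -30,15 +30,18 @@ import (
 
 // System Call Numbers
 const (
-SysOpen = 2
-SysOpenAt = 257
-SysClose = 3
-
-SysSocket = 41
-SysConnect = 42
-SysAccept = 43
-SysBind = 49
-SysListen = 50
+SysOpen = 2
+SysOpenAt = 257
+SysClose = 3
+Sys_link = 85
+Sys_unlink = 86
+Sys_symlink = 87
+Sys_readlink = 88
+SysSocket = 41
+SysConnect = 42
+SysAccept = 43
+SysBind = 49
+SysListen = 50
 
 SysExecve = 59
 SysExecveAt = 322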
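Review bot: The four added constants look off by one against the x86_64 syscall table that the neighbouring values follow (open 2, close 3, execve 59): there 85 is creat, link is 86, unlink 87, symlink 88 and readlink 89. As written, creat events would be reported as link, the other events in the group would appear under the wrong name, and readlink would never match, which undermines any detection keyed on these IDs. Each value should be one higher, e.g. `Sys_readlink = 89`, unless the event source uses its own numbering (not visible here). The names also break the file's MixedCaps pattern (`SysOpen`, `SysOpenAt`); `SysLink`, `SysUnlink`, `SysSymlink`, `SysReadlink` would match.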
