redirect logs to alerts based on defaultArmor mode

When KubeArmor is equipped with default armor block/audit each of the telemetry events generated needs to be an alert. This commit introduces changes to the policy matcher to update our logs to implicit block/audit alerts based on the default armor mode.

Ref kubearmor#595

Signed-off-by: daemon1024 <[email protected]>

KubeArmor/feeder/feeder.go

@@ -536,7 +536,7 @@ func (fd *Feeder) PushLog(log tp.Log) {
 	}
 
 	// gRPC output
-	if log.Type == "MatchedPolicy" || log.Type == "MatchedHostPolicy" || log.Type == "MatchedNativePolicy" {
+	if log.Type == "MatchedPolicy" || log.Type == "MatchedHostPolicy" || log.Type == "MatchedNativePolicy" || log.Type == "DefaultArmor" {
 		pbAlert := pb.Alert{}
 
 		pbAlert.Timestamp = log.Timestamp

KubeArmor/feeder/policyMatcher.go

@@ -1008,18 +1008,58 @@ func (fd *Feeder) UpdateMatchedPolicy(log tp.Log) tp.Log {
 				}
 			}
 
-			if log.ProcessVisibilityEnabled && log.Operation == "Process" {
-				log.Type = "ContainerLog"
-				return log
-			} else if log.FileVisibilityEnabled && log.Operation == "File" {
-				log.Type = "ContainerLog"
-				return log
-			} else if log.NetworkVisibilityEnabled && log.Operation == "Network" {
-				log.Type = "ContainerLog"
-				return log
-			} else if log.CapabilitiesVisibilityEnabled && log.Operation == "Capabilities" {
-				log.Type = "ContainerLog"
-				return log
+			if log.Operation == "Process" {
+				if cfg.GlobalCfg.DefaultFileArmor == "block" {
+					log.Type = "DefaultArmor"
+					log.Action = "ImplicitBlock"
+					return log
+				} else if cfg.GlobalCfg.DefaultFileArmor == "audit" {
+					log.Type = "DefaultArmor"
+					log.Action = "ImplicitAudit"
+					return log
+				} else if log.ProcessVisibilityEnabled {
+					log.Type = "ContainerLog"
+					return log
+				}
+			} else if log.Operation == "File" {
+				if cfg.GlobalCfg.DefaultFileArmor == "block" {
+					log.Type = "DefaultArmor"
+					log.Action = "ImplicitBlock"
+					return log
+				} else if cfg.GlobalCfg.DefaultFileArmor == "audit" {
+					log.Type = "DefaultArmor"
+					log.Action = "ImplicitAudit"
+					return log
+				} else if log.FileVisibilityEnabled {
+					log.Type = "ContainerLog"
+					return log
+				}
+			} else if log.Operation == "Network" {
+				if cfg.GlobalCfg.DefaultNetworkArmor == "block" {
+					log.Type = "DefaultArmor"
+					log.Action = "ImplicitBlock"
+					return log
+				} else if cfg.GlobalCfg.DefaultNetworkArmor == "audit" {
+					log.Type = "DefaultArmor"
+					log.Action = "ImplicitAudit"
+					return log
+				} else if log.NetworkVisibilityEnabled {
+					log.Type = "ContainerLog"
+					return log
+				}
+			} else if log.Operation == "Capabilities" {
+				if cfg.GlobalCfg.DefaultCapabilityArmor == "block" {
+					log.Type = "DefaultArmor"
+					log.Action = "ImplicitBlock"
+					return log
+				} else if cfg.GlobalCfg.DefaultCapabilityArmor == "audit" {
+					log.Type = "DefaultArmor"
+					log.Action = "ImplicitAudit"
+					return log
+				} else if log.CapabilitiesVisibilityEnabled {
+					log.Type = "ContainerLog"
+					return log
+				}
 			}
 		} else if log.Type == "MatchedPolicy" {
 			if log.PolicyEnabled == tp.KubeArmorPolicyAudited {