syscall.DisallowedSSHConnectionNonStandardPort does not trigger #221

Closed
leogr opened this issue Sep 20, 2024 · 1 comment · Fixed by #224

Member

leogr commented Sep 20, 2024

Describe the bug

syscall.DisallowedSSHConnectionNonStandardPort does not trigger the Falco rules (at least in my environment).

How to reproduce it

sudo ./event-generator -l debug test syscall.DisallowedSSH

Screenshots

sudo ./event-generator -l debug test syscall.DisallowedSSH
DEBU running with args: ./event-generator -l debug test syscall.DisallowedSSH 
DEBU running without a configuration file         
DEBU running with options                          loglevel=debug
INFO sleep for 100ms                               action=syscall.DisallowedSSHConnectionNonStandardPort
DEBU failed to run ssh command (this is expected)  action=syscall.DisallowedSSHConnectionNonStandardPort error="signal: killed"
ERRO action error                                  action=syscall.DisallowedSSHConnectionNonStandardPort error="context deadline exceeded"

N.B. signal: killed

Environment

Fri Sep 20 17:19:58 2024: Falco version: 0.38.2 (aarch64)
Fri Sep 20 17:19:58 2024: Falco initialized with configuration files:
Fri Sep 20 17:19:58 2024:    /etc/falco/falco.yaml
Fri Sep 20 17:19:58 2024: System info: Linux version 6.8.0-41-generic (buildd@bos03-arm64-063) (aarch64-linux-gnu-gcc-13 (Ubuntu 13.2.0-23ubuntu4) 13.2.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #41-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug  2 23:26:06 UTC 2024
Falco version: 0.38.2
Libs version:  0.17.3
Plugin API:    3.6.0
Engine:        0.40.0
Driver:
  API version:    8.0.0
  Schema version: 2.0.0
  Default driver: 7.2.1+driver

Additional context

Related to #220 cc @prezha

Also note that manually running ssh [email protected] -p 443 worked for me.

Contributor

prezha commented Sep 20, 2024

/assign

leogr added this to the v0.12.0 milestone Oct 2, 2024