Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

increase timeout for syscall.DisallowedSSHConnectionNonStandardPort #224

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

increase timeout for syscall.DisallowedSSHConnectionNonStandardPort #224

wants to merge 1 commit into from
+2 −1

Conversation

prezha
Copy link
Contributor

@prezha prezha commented Sep 20, 2024
edited
Loading

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area events

What this PR does / why we need it:

on some systems, the syscall.DisallowedSSHConnectionNonStandardPort event does not trigger due to too short timeout of 1s, so we're increasing it to 5s

Which issue(s) this PR fixes:

Fixes #221

Special notes for your reviewer:

//cc: @leogr i was able to reproduce the issue on lima and arm64 mac, but have not seen it on minikube or "vanilla" ubuntu kvm vm on linux x86/amd64 before: signal: killed comes from the context timeout that was apparently too short in this case

$ falco --version
Fri Sep 20 19:09:58 2024: Falco version: 0.38.2 (aarch64)
Fri Sep 20 19:09:58 2024: Falco initialized with configuration files:
Fri Sep 20 19:09:58 2024:    /etc/falco/falco.yaml
Fri Sep 20 19:09:58 2024: System info: Linux version 6.8.0-41-generic (buildd@bos03-arm64-063) (aarch64-linux-gnu-gcc-13 (Ubuntu 13.2.0-23ubuntu4) 13.2.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #41-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug  2 23:26:06 UTC 2024
Falco version: 0.38.2
Libs version:  0.17.3
Plugin API:    3.6.0
Engine:        0.40.0
Driver:
  API version:    8.0.0
  Schema version: 2.0.0
  Default driver: 7.2.1+driver

$ sudo ./event-generator -l debug test syscall.DisallowedSSH
DEBU running with args: ./event-generator -l debug test syscall.DisallowedSSH
DEBU running without a configuration file
DEBU running with options                          loglevel=debug
INFO sleep for 100ms                               action=syscall.DisallowedSSHConnectionNonStandardPort
DEBU failed to run ssh command (this is expected)  action=syscall.DisallowedSSHConnectionNonStandardPort error="exit status 255"
INFO test passed                                   action=syscall.DisallowedSSHConnectionNonStandardPort rule="Disallowed SSH Connection Non Standard Port" source=syscall

@poiana
Copy link

poiana commented Sep 20, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: prezha
Once this PR has been reviewed and has the lgtm label, please assign alacuku for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana added the size/XS label Sep 20, 2024
@prezha prezha mentioned this pull request Sep 20, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alacuku alacuku Awaiting requested review from alacuku

@FedeDP FedeDP Awaiting requested review from FedeDP

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
area/events dco-signoff: yes kind/bug size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

syscall.DisallowedSSHConnectionNonStandardPort does not trigger
2 participants
@prezha @poiana