Merge pull request #1957 from rksharma95/fix-alerts-duplication
fix(feeder): fix alert duplication
daemon1024 authored Jan 31, 2025
2 parents 9656a7f + 5882551 commit a683113
Showing 20 changed files with 237 additions and 43 deletions.
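--- a/KubeArmor/common/common.go
+++ b/KubeArmor/common/common.go
@@ -625,3 +625,12 @@ func GetLabelsFromString(labelString string) (map[string]string, []string) {
 func GetCurrentTimeStamp() uint64 {
 return uint64(time.Now().UnixNano())
 }
+
+// ============
+// == Feeder ==
+// ============
+
+// IsPresetEnforcer returns true if log is generated by any of preset enforcer
+func IsPresetEnforcer(enforcer string) bool {
+return strings.Contains(enforcer, "PRESET")
+}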
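Review bot: `IsPresetEnforcer` classifies by a case-sensitive substring, so any enforcer value that merely contains `PRESET` counts as a preset, and in feeder.go that now decides whether a log goes through policy matching at all. The doc comment should state the naming convention it relies on, e.g. `// IsPresetEnforcer reports whether enforcer names a preset, i.e. the value contains "PRESET" (case-sensitive substring match).` If every preset name starts with that token, `strings.HasPrefix(enforcer, "PRESET")` would be the tighter test; the preset names themselves are not visible on this page, so that needs confirming.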
18 changes: 16 additions & 2 deletions KubeArmor/enforcer/bpflsm/enforcer_bpfeb.go


18 changes: 16 additions & 2 deletions KubeArmor/enforcer/bpflsm/enforcer_bpfel.go


18 changes: 16 additions & 2 deletions KubeArmor/enforcer/bpflsm/enforcer_path_bpfeb.go


18 changes: 16 additions & 2 deletions KubeArmor/enforcer/bpflsm/enforcer_path_bpfel.go


27 changes: 14 additions & 13 deletions KubeArmor/feeder/feeder.go
@@ -534,20 +534,21 @@ func (fd *Feeder) PushLog(log tp.Log) {
in case of enforcer = AppArmor only Default Posture logs will be converted to
container/host log depending upon the defaultPostureLogs flag
*/

if (cfg.GlobalCfg.EnforcerAlerts && fd.Enforcer == "BPFLSM" && log.Enforcer == "eBPF Monitor") || (fd.Enforcer != "BPFLSM" && !cfg.GlobalCfg.DefaultPostureLogs) {
log = fd.UpdateMatchedPolicy(log)
if (log.Type == "MatchedPolicy" || log.Type == "MatchedHostPolicy") && ((fd.Enforcer == "BPFLSM" && (strings.Contains(log.PolicyName, "DefaultPosture") || !strings.Contains(log.Action, "Audit"))) || (fd.Enforcer != "BPFLSM" && strings.Contains(log.PolicyName, "DefaultPosture"))) {
if log.Type == "MatchedPolicy" {
log.Type = "ContainerLog"
} else if log.Type == "MatchedHostPolicy" {
log.Type = "HostLog"
if !common.IsPresetEnforcer(log.Enforcer) {
if (cfg.GlobalCfg.EnforcerAlerts && fd.Enforcer == "BPFLSM" && log.Enforcer == "") || (fd.Enforcer != "BPFLSM" && !cfg.GlobalCfg.DefaultPostureLogs) {
log = fd.UpdateMatchedPolicy(log)
if (log.Type == "MatchedPolicy" || log.Type == "MatchedHostPolicy") && ((fd.Enforcer == "BPFLSM" && (strings.Contains(log.PolicyName, "DefaultPosture") || !strings.Contains(log.Action, "Audit"))) || (fd.Enforcer != "BPFLSM" && strings.Contains(log.PolicyName, "DefaultPosture"))) {
if log.Type == "MatchedPolicy" {
log.Type = "ContainerLog"
} else if log.Type == "MatchedHostPolicy" {
log.Type = "HostLog"
}
}
} else {
log = fd.UpdateMatchedPolicy(log)
if fd.Enforcer == "BPFLSM" {
log.Enforcer = "BPFLSM"
}
}
} else {
log = fd.UpdateMatchedPolicy(log)
if fd.Enforcer == "BPFLSM" && !strings.Contains(log.Enforcer, "PRESET") {
log.Enforcer = "BPFLSM"
}
}

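Review bot: The first disjunct now tests `log.Enforcer == ""` where it used to test the `"eBPF Monitor"` literal, so an unset field is the only marker for that path and any producer that leaves Enforcer empty is handled the same way. The producers are outside this section, so this may be intended, but the convention should be written at the condition, e.g. `// an empty Enforcer marks a log that no enforcer or preset has claimed yet`. Preset logs also no longer reach `fd.UpdateMatchedPolicy` at all, whereas both removed branches called it for every log; the block comment above the condition still describes only the BPFLSM and AppArmor cases and should mention that presets are skipped. Both remaining branches start with the same `log = fd.UpdateMatchedPolicy(log)` call, which could be hoisted above the inner `if`. PushLog starts and ends outside the hunk.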
2 changes: 1 addition & 1 deletion KubeArmor/go.mod
@@ -1,6 +1,6 @@
module github.com/kubearmor/KubeArmor/KubeArmor

go 1.23.4
go 1.23.5

replace (
github.com/kubearmor/KubeArmor => ../../
20 changes: 18 additions & 2 deletions KubeArmor/presets/anonmapexec/anonmapexec_bpfeb.go


20 changes: 18 additions & 2 deletions KubeArmor/presets/anonmapexec/anonmapexec_bpfel.go

