CrowdStrike / Cloud-AWS

A collection of projects supporting AWS Integration
MIT License

No `lsmod` in current image, can't verify as per docs #245

Closed jamesez closed 9 months ago

jamesez commented 10 months ago

Working through https://github.com/CrowdStrike/Cloud-AWS/blob/main/Container%20Security/kernel-eks-implementation-guide.md, it says to exec into one of the CS pods and run lsmod, but the current image doesn't seem to include one:

```
) kubectl -n falcon-system exec -i -t falcon-helm-falcon-sensor-2qkg6 -- /bin/sh
Defaulted container "falcon-node-sensor" out of: falcon-node-sensor, init-falconstore (init)
sh-4.4# lsmod
sh: lsmod: command not found
```

I was able to verify it by launching a Debian pod and installing kmod, but the docs are incorrect.
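One way to run the same check in an image that ships no `lsmod`, as an added example that is not part of the original issue or the CrowdStrike guide: `lsmod` only formats the kernel's `/proc/modules` table, which plain shell built-ins can read. The function names, the module names and the sample table are constructed placeholders (the page does not name the sensor's module), and the sketch assumes `/proc` is mounted where it runs.

```shell
#!/bin/sh
# Added example: inspect loaded kernel modules without lsmod.
# /proc/modules fields: name size refcount used-by state address [taint]

# list_modules [FILE]: print "name size refcount state" per module.
list_modules() {
    src="${1:-/proc/modules}"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    while read -r name size refs _usedby state _rest; do
        if [ -n "$name" ]; then
            printf '%s %s %s %s\n' "$name" "$size" "$refs" "$state"
        fi
    done < "$src"
}

# module_loaded PATTERN [FILE]: print names matching the shell glob PATTERN
# whose state is Live; return 0 if any matched, 1 otherwise.
module_loaded() {
    pattern="$1"
    found=1
    for entry in $(list_modules "${2:-/proc/modules}" | awk '$4 == "Live" { print $1 }'); do
        case "$entry" in
            $pattern) echo "$entry"; found=0 ;;
        esac
    done
    return "$found"
}

# write_sample FILE: constructed sample table, module names are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
example_sensor_mod 651264 1 - Live 0xffffffffc0a00000 (OE)
nf_tables 253952 2 nft_ct,nft_chain_nat, Live 0xffffffffc0800000
example_loading_mod 16384 0 - Loading 0xffffffffc0700000
EOF
}

# Demo on the constructed sample; on a node, drop the file argument
# to read the real /proc/modules.
demo_file=$(mktemp)
write_sample "$demo_file"
module_loaded 'example_sensor*' "$demo_file" || echo "module not loaded"
rm -f "$demo_file"
```

A module still in the `Loading` state is deliberately reported as not loaded, so the check only passes once the kernel marks it `Live`.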

jamesez commented 9 months ago

"Fixing" this by just removing the documentation is deeply dissatisfying, and speaks to engineering time being misallocated.