adding an event on modify container entrypoint

falcosecurity / event-generator

Generate a variety of suspect actions that are detected by Falco rulesets

Apache License 2.0

95 stars 40 forks source link

adding an event on modify container entrypoint #191

Closed h4l0gen closed 6 months ago

h4l0gen commented 8 months ago

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind documentation

/kind tests

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area commands

/area pkg

/area events

What this PR does / why we need it: this event must to have as it try to create environment of Container Breakout Exploit (CVE-2019-5736) Which issue(s) this PR fixes:

Fixes #186

Special notes for your reviewer:

h4l0gen commented 7 months ago

@FedeDP @leogr This rule is triggered successfully.

Dockerfile used

FROM alpine:latest

RUN apk update && apk add coreutils

poiana commented 6 months ago

LGTM label has been added.

Git tree hash: 086d75de9178696d3e7345cbbf39d7b9825b3fb7

poiana commented 6 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: h4l0gen, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/falcosecurity/event-generator/blob/main/OWNERS)~~ [leogr] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment