falcosecurity / falco

Cloud Native Runtime Security
https://falco.org
Apache License 2.0

Some inbound file descriptors not fully resolved #86

Closed mstemm closed 5 years ago

mstemm commented 8 years ago

While working through some updates to the falco rules, I found that with the current set of rules, network file descriptors won't have their state (hostname and port) fully resolved. For example, the installer_bash_starts_network_server rule can't show the address/port on which the process is trying to listen.

The reason for this is that file descriptor resolution generally occurs during a bind. However, as no current rule looks for bind events, the file descriptor meta-information isn't associated with the fd.

We'll have to figure out a way to get the bind events to libsinsp so the meta-information can be saved.
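As an added illustration (not a rule from the Falco repository or from this issue), the following is how a rule author would express the idea above: match the bind exit event as well as listen, so the local address and port are captured at the moment the fd is populated. The macro and rule names, the restriction to bash/sh, and the assumption that naming bind in a rule is enough for the event to reach libsinsp are all mine, not statements from the page.

```yaml
# Added example, not part of the Falco rule set. Assumes Falco's standard
# field names (evt.type, evt.dir, proc.name, fd.sip, fd.sport, fd.l4proto).

# Exit-side of bind/listen: fd fields are only populated once the call returns.
- macro: inbound_socket_setup
  condition: evt.type in (bind, listen) and evt.dir = <

# Hypothetical rule name; the page only names installer_bash_starts_network_server.
- rule: Shell Starts Network Server (bind-aware)
  desc: >
    A shell process bound or began listening on a TCP socket. Matching the
    bind event lets the output carry the local address and port instead of
    an unresolved file descriptor.
  condition: >
    inbound_socket_setup
    and proc.name in (bash, sh)
    and fd.l4proto = tcp
  output: >
    Shell started a network server
    (user=%user.name command=%proc.cmdline parent=%proc.pname
    proto=%fd.l4proto addr=%fd.sip port=%fd.sport fd=%fd.name)
  priority: WARNING
  tags: [network, shell, host]
```

Each matching process produces two alerts (bind and listen); if that is too noisy, keep only `bind` in the macro, since that is the event that carries the address.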

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.