update(falco-incubating_rules.yaml): add Backdoored library loaded in… #240

Merged
merged 1 commit into from
Apr 5, 2024

Member

@loresuso loresuso commented Apr 5, 2024

…to SSHD rule

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind feature

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area rules

/area registry

/area build

/area documentation

Proposed rule maturity level

Uncomment one (or more) /area <> lines (only for PRs that add or modify rules):

/area maturity-stable

/area maturity-incubating

/area maturity-sandbox

/area maturity-deprecated

What this PR does / why we need it:

Detect the sshd process loading a vulnerable version of liblzma

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

@poiana added the kind/feature (New feature or request), area/rules, dco-signoff: yes, area/maturity-incubating (See the Rules Maturity Framework) and size/XS labels Apr 5, 2024
@poiana requested review from Kaizhe and leodido April 5, 2024 12:52

github-actions bot commented Apr 5, 2024

Rules files suggestions

falco-incubating_rules.yaml

Comparing 18782857a86acd3a4c4501bbe316beb52d240d6c with latest tag falco-incubating-rules-3.0.1

Minor changes:

  • Rule Backdoored library loaded into SSHD (CVE-2024-3094) has been added

Patch changes:

  • List falco_privileged_images has some item added or removed


github-actions bot commented Apr 5, 2024

Rules files suggestions

falco-incubating_rules.yaml

Comparing cbe2125a0edc1ea23a0ba04ba8daf7a0cc46e90f with latest tag falco-incubating-rules-3.0.1

Minor changes:

  • Rule Backdoored library loaded into SSHD (CVE-2024-3094) has been added

Patch changes:

  • List falco_privileged_images has some item added or removed


github-actions bot commented Apr 5, 2024

Rules files suggestions

falco-incubating_rules.yaml

Comparing 8cf87fecb2177d742b90b3509a0d784ac70eac5e with latest tag falco-incubating-rules-3.0.1

Minor changes:

  • Rule Backdoored library loaded into SSHD (CVE-2024-3094) has been added

Patch changes:

  • List falco_privileged_images has some item added or removed

@loresuso changed the title from "update(falco-incubating_tules.yaml): add Backdoored library loaded in…" to "update(falco-incubating_rules.yaml): add Backdoored library loaded in…" Apr 5, 2024

github-actions bot commented Apr 5, 2024

Rules files suggestions

falco-incubating_rules.yaml

Comparing 277d30982fea6d5f700daffd47f500b841c4762b with latest tag falco-incubating-rules-3.0.1

Minor changes:

  • Rule Backdoored library loaded into SSHD (CVE-2024-3094) has been added

Patch changes:

  • List falco_privileged_images has some item added or removed


github-actions bot commented Apr 5, 2024

Rules files suggestions

falco-incubating_rules.yaml

Comparing 479be42745cc1b50f72d6a716fb7e4967364a25e with latest tag falco-incubating-rules-3.0.1

Minor changes:

  • Rule Backdoored library loaded into SSHD (CVE-2024-3094) has been added

Patch changes:

  • List falco_privileged_images has some item added or removed

Contributor

@LucaGuerra LucaGuerra left a comment

Thank you!


poiana commented Apr 5, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: loresuso, LucaGuerra

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


poiana commented Apr 5, 2024

LGTM label has been added.

Git tree hash: a5f03a0d5aba54d53f4b64fe5dc802d5796d1157

@poiana poiana added the approved label Apr 5, 2024
@poiana poiana merged commit 869c9a7 into falcosecurity:main Apr 5, 2024
7 of 8 checks passed
3 participants