From 94323968ec41d7ee2ebc2f4c45de1880ecd4b57e Mon Sep 17 00:00:00 2001
From: YASH PATEL
Date: Sat, 27 Jul 2024 19:29:24 +0530
Subject: [PATCH] feat: added kubectl exec alert policy

Signed-off-by: Yash Patel yp969803@gmail.com
Signed-off-by: YASH PATEL
---
 .../kubearmorhostpolicy_controller.go | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/pkg/KubeArmorController/controllers/kubearmorhostpolicy_controller.go b/pkg/KubeArmorController/controllers/kubearmorhostpolicy_controller.go
index c6115f94e..faee91d4a 100644
--- a/pkg/KubeArmorController/controllers/kubearmorhostpolicy_controller.go
+++ b/pkg/KubeArmorController/controllers/kubearmorhostpolicy_controller.go
@@ -7,6 +7,8 @@ import (
 	"context"
 	"github.com/go-logr/logr"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -26,6 +28,44 @@ type KubeArmorHostPolicyReconciler struct {
 func (r *KubeArmorHostPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	// definig the kubectl-exec-policy
+	policy := &securityv1.KubeArmorClusterPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "alert-kubectl-exec",
+		},
+		Spec: securityv1.KubeArmorClusterPolicySpec{
+			Severity: 1,
+			Tags: []string{"kubectl", "exec", "alert"},
+			Message: "Detected kubectl exec",
+			Selector: securityv1.NsSelectorType{},
+			Process: securityv1.ProcessType{
+				MatchPatterns: []securityv1.ProcessPatternType{
+					{Pattern: "ppid=0.*tty!=null",
+						Action: securityv1.ActionType("Audit"),
+					},
+				},
+			},
+		},
+	}
+	// Check if the policy already exists
+	existingPolicy := &securityv1.KubeArmorClusterPolicy{}
+	err := r.Get(ctx, types.NamespacedName{Name: policy.Name}, existingPolicy)
+	if err != nil {
+		if client.IgnoreNotFound(err) != nil {
+			return ctrl.Result{}, err
+		}
+		// Policy not found, create it
+		if err := r.Create(ctx, policy); err != nil {
+			return ctrl.Result{}, err
+		}
+	} else {
+		// Policy found, update it if necessary
+		existingPolicy.Spec = policy.Spec
+		if err := r.Update(ctx, existingPolicy); err != nil {
+			return ctrl.Result{}, err
+		}
+	}
 	return ctrl.Result{}, nil
 }
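Review bot: The `r.Update` in the else branch runs unconditionally despite its "if necessary" comment, so every reconcile of any KubeArmorHostPolicy rewrites `alert-kubectl-exec` and silently reverts any operator change to it (raising Severity from 1, switching Audit to Block, adding tags); guard it with `if !equality.Semantic.DeepEqual(existingPolicy.Spec, policy.Spec) { existingPolicy.Spec = policy.Spec; ... }` (k8s.io/apimachinery/pkg/api/equality), and consider bootstrapping this policy once at manager setup rather than from a reconciler keyed on an unrelated resource, since it never runs if no KubeArmorHostPolicy exists and `req` is not used at all. The pattern `ppid=0.*tty!=null` reads like a Falco/Tetragon-style predicate rather than a KubeArmor process matchPattern, which as far as I can tell is applied as a regex to the executable path — if so the policy can never fire and the kubectl-exec alert is inert, so please verify it against the enforcer before merging. Creating and updating KubeArmorClusterPolicy objects from this controller also needs matching RBAC (`// +kubebuilder:rbac:groups=security.kubearmor.com,resources=kubearmorclusterpolicies,verbs=get;list;watch;create;update`) or `r.Get`/`r.Create` will be forbidden at runtime and Reconcile will error on every pass; the markers sit outside this hunk so I cannot tell whether they already exist. Minor: `// definig` should read `// defining`.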