From adb641c6da6946cd415ade3f78708cf46551ddfc Mon Sep 17 00:00:00 2001
From: Afek Berger
Date: Tue, 8 Oct 2024 10:35:51 +0300
Subject: [PATCH] Added ptrace rule (#516)
* Added ptrace rule
* Update tests
* WIP: fixed tests
---
 .../templates/node-agent/default-rule-binding-namespaced.yaml | 1 +
 .../templates/node-agent/default-rule-binding.yaml | 1 +
 .../tests/__snapshot__/snapshot_test.yaml.snap | 2 ++
 3 files changed, 4 insertions(+)
diff --git a/charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml b/charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml
index 522d63e3..976e0029 100644
--- a/charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml
+++ b/charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml
@@ -35,4 +35,5 @@ spec:
 - ruleName: "Exec to pod"
 - ruleName: "Port forward"
 - ruleName: "Unexpected Egress Network Traffic"
+ - ruleName: "Malicious Ptrace Usage"
 {{- end }}
diff --git a/charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml b/charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml
index 49ff03a5..8def0af0 100644
--- a/charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml
+++ b/charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml
@@ -53,4 +53,5 @@ spec:
 - ruleName: "Exec to pod"
 - ruleName: "Port forward"
 - ruleName: "Unexpected Egress Network Traffic"
+ - ruleName: "Malicious Ptrace Usage"
 {{- end }}
diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap
index 63ec4047..c335d667 100644
--- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap
+++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap
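Review bot: The added `- ruleName: "Malicious Ptrace Usage"` entry in `default-rule-binding-namespaced.yaml` binds the rule by its display name only, and nothing in this patch shows that the node-agent version the chart deploys ships a rule with exactly that name; the same line is added to `default-rule-binding.yaml`. How the agent handles a name it does not know is not visible here, and a silently skipped entry would leave ptrace activity undetected while the binding looks complete, so the rule's availability in the pinned agent should be confirmed before release. Workloads that legitimately attach with ptrace (debuggers, tracers) will presumably alert under this default binding as well, so I would add a comment above the entry such as `# needs a node-agent build that ships this rule; debuggers and tracers in bound namespaces will alert`. The list both hunks extend starts outside the hunks.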
@@ -3055,6 +3055,7 @@ all capabilities: - ruleName: Exec to pod - ruleName: Port forward - ruleName: Unexpected Egress Network Traffic + - ruleName: Malicious Ptrace Usage 57: | apiVersion: networking.k8s.io/v1 kind: NetworkPolicy @@ -8544,6 +8545,7 @@ default capabilities: - ruleName: Exec to pod - ruleName: Port forward - ruleName: Unexpected Egress Network Traffic + - ruleName: Malicious Ptrace Usage 46: | apiVersion: networking.k8s.io/v1 kind: NetworkPolicy