
Add annotation if agent reverts #294

Merged
varunsh-coder merged 3 commits into step-security:rc-2 from h0x0er:issue203
Sep 25, 2022
Conversation

@h0x0er h0x0er commented Sep 5, 2022

Member

Closes #203

@varunsh-coder varunsh-coder changed the base branch from int to rc-2 September 13, 2022 16:35
@varunsh-coder

Member

Hi @h0x0er

The change you made is not at the right place. The agent will not revert for any domain that is not resolved. It is only for those in the allowed list.

Please add the line over here instead:

agent/agent.go

Line 112 in ca30228

RevertChanges(iptables, nflog, cmd, resolvdConfigPath, dockerDaemonConfigPath, dnsConfig)

Also, add the standard prefix before the annotation: "StepSecurity Harden Runner: ". In fact, you can make this a constant and use the constant.

The message can be "StepSecurity Harden Runner: Reverting agent since allowed endpoint [endpoint domain] could not be resolved"

@varunsh-coder varunsh-coder merged commit 7c8ea31 into step-security:rc-2 Sep 25, 2022
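
The behaviour described in the review above (revert only when an endpoint on the allowed list fails to resolve, and annotate with a constant prefix), as an added Go example that is not code from the harden-runner agent. `checkAllowed`, the injected `lookup` and `revert` functions, the `::error::` workflow-command output and the `example.test` hostnames are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"io"
	"os"
)

// Standard prefix from the review comment, kept as a constant.
const annotationPrefix = "StepSecurity Harden Runner: "

// revertAnnotation builds the message text proposed in the review.
func revertAnnotation(endpoint string) string {
	return fmt.Sprintf("%sReverting agent since allowed endpoint %s could not be resolved",
		annotationPrefix, endpoint)
}

// checkAllowed resolves only the endpoints on the allowed list; domains that
// are not on the list are never considered, so they cannot trigger a revert.
// On the first allowed endpoint that fails to resolve it writes the
// annotation, calls revert once, and returns that endpoint.
// lookup and revert are hypothetical stand-ins for DNS resolution and for
// the agent's RevertChanges(...) call.
func checkAllowed(allowed []string, lookup func(string) ([]string, error),
	revert func(), out io.Writer) (string, bool) {
	for _, ep := range allowed {
		if addrs, err := lookup(ep); err != nil || len(addrs) == 0 {
			// Assumption: the annotation is emitted as a GitHub Actions
			// workflow command; the agent may surface it differently.
			fmt.Fprintf(out, "::error::%s\n", revertAnnotation(ep))
			revert()
			return ep, true
		}
	}
	return "", false
}

func main() {
	// Constructed resolver data so the example runs offline.
	known := map[string][]string{"api.example.test": {"192.0.2.10"}}
	lookup := func(host string) ([]string, error) {
		if addrs, ok := known[host]; ok {
			return addrs, nil
		}
		return nil, fmt.Errorf("no such host: %s", host)
	}
	allowed := []string{"api.example.test", "pkg.example.test"}
	checkAllowed(allowed, lookup, func() { fmt.Println("reverting changes") }, os.Stdout)
}
```
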