diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml index 0e0d916ca..299ce4add 100644 --- a/charts/shield/Chart.yaml +++ b/charts/shield/Chart.yaml @@ -13,5 +13,5 @@ maintainers: - name: mavimo email: marcovito.moscaritolo@sysdig.com type: application -version: 1.23.4 +version: 1.24.2 appVersion: "1.0.0" diff --git a/charts/shield/README.md b/charts/shield/README.md index c1cf06cda..648e229b3 100644 --- a/charts/shield/README.md +++ b/charts/shield/README.md @@ -105,6 +105,7 @@ The following table lists the configurable parameters of the `shield` chart and | features.detections.kubernetes_audit.http_port | The port that will be used to expose the audit endpoints | 6443 | | features.detections.kubernetes_audit.excluded_namespaces | The list of namespaces that will be excluded from the audit feature | [] | | features.detections.kubernetes_audit.webhook_rules | List of rules used to determine if a request should be audited | [{"apiGroups":["","apps","autoscaling","batch","networking.k8s.io","rbac.authorization.k8s.io","extensions"],"apiVersions":["*"],"operations":["*"],"resources":["*/*"],"scope":"*"}] | +| features.detections.file_integrity_monitoring.enabled | | false | | features.investigations.activity_audit.enabled | | false | | features.investigations.live_logs.enabled | | false | | features.investigations.network_security.enabled | Enable the network security feature | false | diff --git a/charts/shield/templates/host/_configmap_helpers.tpl b/charts/shield/templates/host/_configmap_helpers.tpl index 0efeeb99e..eeab7b4e3 100644 --- a/charts/shield/templates/host/_configmap_helpers.tpl +++ b/charts/shield/templates/host/_configmap_helpers.tpl @@ -40,7 +40,7 @@ {{- end }} {{- define "host.configmap.detections" }} -{{- dict "detections" (pick . "ml_policies") | toYaml }} +{{- dict "detections" (pick . "ml_policies" "file_integrity_monitoring") | toYaml }} {{- end }} {{/* Generate the 'host_shield_config.yaml' content */}} 
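Review bot: `host.configmap.detections` has no doc comment, while the define that follows it carries one (`{{/* Generate the 'host_shield_config.yaml' content */}}`). With a second key now in the `pick`, it is worth stating what the helper emits. I would add `{{/* Render the 'detections' section of the host config from ml_policies and file_integrity_monitoring */}}` above the `define`. Note that `pick` copies the whole `file_integrity_monitoring` map, so every sub-key set in values, not only `enabled`, ends up in the rendered config.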
diff --git a/charts/shield/tests/host/configmap-host-shield-config_test.yaml b/charts/shield/tests/host/configmap-host-shield-config_test.yaml
index 090e88886..9a13d5d66 100644
--- a/charts/shield/tests/host/configmap-host-shield-config_test.yaml
+++ b/charts/shield/tests/host/configmap-host-shield-config_test.yaml
@@ -21,6 +21,8 @@ tests:
 pattern: |
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -50,6 +52,8 @@ tests:
 pattern: |
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -79,6 +83,8 @@ tests:
 pattern: |
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -108,6 +114,8 @@ tests:
 pattern: |
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -137,6 +145,8 @@ tests:
 pattern: |
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -161,6 +171,8 @@ tests:
 pattern: |
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -193,6 +205,8 @@ tests:
 pattern: |-
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -224,6 +238,8 @@ tests:
 pattern: |-
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -271,6 +287,8 @@ tests:
 pattern: |-
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -339,6 +357,8 @@ tests:
 pattern: |-
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -427,6 +447,8 @@ tests:
 pattern: |-
 features:
 detections:
+ file_integrity_monitoring:
+ enabled: false
 ml_policies:
 enabled: false
 posture:
@@ -457,6 +479,8 @@ tests: pattern: |- features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: true posture: @@ -474,6 +498,37 @@ tests: enabled: false integration_enabled: false + - it: Enable File Integrity Monitoring + set: + features: + detections: + file_integrity_monitoring: + enabled: true + asserts: + - matchRegex: + path: data['host-shield.yaml'] + pattern: |- + features: + detections: + file_integrity_monitoring: + enabled: true + ml_policies: + enabled: false + posture: + host_posture: + enabled: false + respond: + rapid_response: + enabled: false + response_actions: + enabled: false + vulnerability_management: + host_vulnerability_management: + enabled: false + in_use: + enabled: false + integration_enabled: false + - it: Ensure Local Forwarder set: features: diff --git a/charts/shield/values.schema.json b/charts/shield/values.schema.json index 974e52806..7af5867b3 100644 --- a/charts/shield/values.schema.json +++ b/charts/shield/values.schema.json @@ -883,6 +883,9 @@ }, "kubernetes_audit": { "$ref": "#/$defs/FeatureGroupDetections/$defs/KubernetesAudit" + }, + "file_integrity_monitoring": { + "$ref": "#/$defs/FeatureGroupDetections/$defs/FileIntegrityMonitoring" } }, "$defs": { @@ -972,6 +975,16 @@ ] } } + }, + "FileIntegrityMonitoring": { + "type": "object", + "additionalProperties": true, + "properties": { + "enabled": { + "type": "boolean", + "description": "Specify if the File Integrity Monitoring feature is enabled" + } + } } } }, diff --git a/charts/shield/values.yaml b/charts/shield/values.yaml index 65d83a64c..006cda4fd 100644 --- a/charts/shield/values.yaml +++ b/charts/shield/values.yaml @@ -128,6 +128,8 @@ features: resources: - '*/*' scope: '*' + file_integrity_monitoring: + enabled: false investigations: activity_audit:
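Review bot: `"additionalProperties": true` on the new `FileIntegrityMonitoring` definition means a misspelled key (for example `enable: true`) passes schema validation while `enabled` keeps its default of `false`, so the feature stays off with no error at install time. For a detection control, a silent no-op is the failure mode to avoid. Unless extra keys are deliberately allowed here (sibling definitions are outside this hunk, so this may be the chart's convention), I would use `"additionalProperties": false`. If pass-through is intended, the `description` should say which other keys are accepted.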
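Review bot: The new `file_integrity_monitoring` block under `features.detections` has no description comment, and the README row this commit adds for `features.detections.file_integrity_monitoring.enabled` has an empty description column. If the README table is generated from comments in values.yaml (likely, but not visible here), a comment above `enabled` would fill it in. I would reuse the wording from the schema: `# Specify if the File Integrity Monitoring feature is enabled`. The `features` mapping starts and continues outside this hunk.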