From 5edb412142560dfa98ed348aab362472f7b52443 Mon Sep 17 00:00:00 2001 From: Roberto Scolaro Date: Thu, 27 Nov 2025 10:29:49 +0000 Subject: [PATCH 1/3] feat(shield): add file_integrity_monitoring Signed-off-by: Roberto Scolaro --- charts/shield/Chart.yaml | 2 +- charts/shield/README.md | 1 + .../templates/host/_configmap_helpers.tpl | 2 ++ .../host/configmap-dragent-yaml_test.yaml | 18 ++++++++++++++++++ charts/shield/values.schema.json | 13 +++++++++++++ charts/shield/values.yaml | 2 ++ 6 files changed, 37 insertions(+), 1 deletion(-) diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml index 0e0d916ca..406fde828 100644 --- a/charts/shield/Chart.yaml +++ b/charts/shield/Chart.yaml @@ -13,5 +13,5 @@ maintainers: - name: mavimo email: marcovito.moscaritolo@sysdig.com type: application -version: 1.23.4 +version: 1.24.4 appVersion: "1.0.0" diff --git a/charts/shield/README.md b/charts/shield/README.md index c1cf06cda..648e229b3 100644 --- a/charts/shield/README.md +++ b/charts/shield/README.md @@ -105,6 +105,7 @@ The following table lists the configurable parameters of the `shield` chart and | features.detections.kubernetes_audit.http_port | The port that will be used to expose the audit endpoints | 6443 | | features.detections.kubernetes_audit.excluded_namespaces | The list of namespaces that will be excluded from the audit feature | [] | | features.detections.kubernetes_audit.webhook_rules | List of rules used to determine if a request should be audited | [{"apiGroups":["","apps","autoscaling","batch","networking.k8s.io","rbac.authorization.k8s.io","extensions"],"apiVersions":["*"],"operations":["*"],"resources":["*/*"],"scope":"*"}] | +| features.detections.file_integrity_monitoring.enabled | | false | | features.investigations.activity_audit.enabled | | false | | features.investigations.live_logs.enabled | | false | | features.investigations.network_security.enabled | Enable the network security feature | false | 
diff --git a/charts/shield/templates/host/_configmap_helpers.tpl b/charts/shield/templates/host/_configmap_helpers.tpl index 0efeeb99e..4d6562738 100644 --- a/charts/shield/templates/host/_configmap_helpers.tpl +++ b/charts/shield/templates/host/_configmap_helpers.tpl @@ -106,6 +106,8 @@ true (dict "enabled" .investigations.audit_tap.enabled) "drift_control" (dict "enabled" .detections.drift_control.enabled) + "file_integrity_monitoring" + (dict "enabled" .detections.file_integrity_monitoring.enabled) "jmx" (dict "enabled" (dig (include "host.monitor_key" .) "java_management_extensions" "enabled" false .)) "live_logs" diff --git a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml index 8d688c4f7..3fcffdff8 100644 --- a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml +++ b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml @@ -645,6 +645,11 @@ tests: pattern: | drift_control: enabled: false + - matchRegex: + path: data['dragent.yaml'] + pattern: | + file_integrity_monitoring: + enabled: false - matchRegex: path: data['dragent.yaml'] pattern: | @@ -780,6 +785,19 @@ tests: malware_control: enabled: true + - it: Enable File Integrity Monitoring + set: + features: + detections: + file_integrity_monitoring: + enabled: true + asserts: + - matchRegex: + path: data['dragent.yaml'] + pattern: | + file_integrity_monitoring: + enabled: true + - it: Enable Network Security set: features: diff --git a/charts/shield/values.schema.json b/charts/shield/values.schema.json index 974e52806..7af5867b3 100644 --- a/charts/shield/values.schema.json +++ b/charts/shield/values.schema.json @@ -883,6 +883,9 @@ }, "kubernetes_audit": { "$ref": "#/$defs/FeatureGroupDetections/$defs/KubernetesAudit" + }, + "file_integrity_monitoring": { + "$ref": "#/$defs/FeatureGroupDetections/$defs/FileIntegrityMonitoring" } }, "$defs": { 
@@ -972,6 +975,16 @@ ] } } + }, + "FileIntegrityMonitoring": { + "type": "object", + "additionalProperties": true, + "properties": { + "enabled": { + "type": "boolean", + "description": "Specify if the File Integrity Monitoring feature is enabled" + } + } } } }, diff --git a/charts/shield/values.yaml b/charts/shield/values.yaml index 65d83a64c..006cda4fd 100644 --- a/charts/shield/values.yaml +++ b/charts/shield/values.yaml @@ -128,6 +128,8 @@ features: resources: - '*/*' scope: '*' + file_integrity_monitoring: + enabled: false investigations: activity_audit: From 85f8f176b385b22ac1acd521ecdf35e2f3194329 Mon Sep 17 00:00:00 2001 From: Roberto Scolaro Date: Fri, 28 Nov 2025 09:17:41 +0000 Subject: [PATCH 2/3] fix: address review comments Signed-off-by: Roberto Scolaro --- charts/shield/Chart.yaml | 2 +- .../templates/host/_configmap_helpers.tpl | 2 +- .../host/configmap-dragent-yaml_test.yaml | 5 -- .../configmap-host-shield-config_test.yaml | 55 +++++++++++++++++++ 4 files changed, 57 insertions(+), 7 deletions(-) diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml index 406fde828..299ce4add 100644 --- a/charts/shield/Chart.yaml +++ b/charts/shield/Chart.yaml @@ -13,5 +13,5 @@ maintainers: - name: mavimo email: marcovito.moscaritolo@sysdig.com type: application -version: 1.24.4 +version: 1.24.2 appVersion: "1.0.0" diff --git a/charts/shield/templates/host/_configmap_helpers.tpl b/charts/shield/templates/host/_configmap_helpers.tpl index 4d6562738..5f828b7a3 100644 --- a/charts/shield/templates/host/_configmap_helpers.tpl +++ b/charts/shield/templates/host/_configmap_helpers.tpl @@ -40,7 +40,7 @@ {{- end }} {{- define "host.configmap.detections" }} -{{- dict "detections" (pick . "ml_policies") | toYaml }} +{{- dict "detections" (pick . "ml_policies" "file_integrity_monitoring") | toYaml }} {{- end }} {{/* Generate the 'host_shield_config.yaml' content */}} 
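Review bot: The new `FileIntegrityMonitoring` definition declares only the boolean `enabled` yet sets `"additionalProperties": true`, so a mistyped key such as `enable: true` passes `helm lint`/schema validation and the feature silently stays disabled, while any extra keys are forwarded verbatim into `host_shield_config.yaml` by the `pick . "ml_policies" "file_integrity_monitoring"` helper in the same patch series. For a security control whose whole purpose is to be on, a silent no-op on a typo is the failure mode to avoid; unless the host shield consumes further keys under this object, tighten it to `"additionalProperties": false`, and if it does consume more keys, declare them here so they are validated rather than passed through unchecked. I cannot see the sibling `$defs` (e.g. `MlPolicies`) in this chunk, so if the chart deliberately uses `additionalProperties: true` everywhere as a pass-through convention, a comment on the `enabled` description saying that unknown keys are forwarded to the agent config would at least make that explicit.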
diff --git a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml index 3fcffdff8..ec960e796 100644 --- a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml +++ b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml @@ -645,11 +645,6 @@ tests: pattern: | drift_control: enabled: false - - matchRegex: - path: data['dragent.yaml'] - pattern: | - file_integrity_monitoring: - enabled: false - matchRegex: path: data['dragent.yaml'] pattern: | diff --git a/charts/shield/tests/host/configmap-host-shield-config_test.yaml b/charts/shield/tests/host/configmap-host-shield-config_test.yaml index 090e88886..9a13d5d66 100644 --- a/charts/shield/tests/host/configmap-host-shield-config_test.yaml +++ b/charts/shield/tests/host/configmap-host-shield-config_test.yaml @@ -21,6 +21,8 @@ tests: pattern: | features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -50,6 +52,8 @@ tests: pattern: | features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -79,6 +83,8 @@ tests: pattern: | features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -108,6 +114,8 @@ tests: pattern: | features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -137,6 +145,8 @@ tests: pattern: | features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -161,6 +171,8 @@ tests: pattern: | features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -193,6 +205,8 @@ tests: pattern: |- features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -224,6 +238,8 @@ tests: pattern: |- features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: 
@@ -271,6 +287,8 @@ tests: pattern: |- features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -339,6 +357,8 @@ tests: pattern: |- features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -427,6 +447,8 @@ tests: pattern: |- features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: false posture: @@ -457,6 +479,8 @@ tests: pattern: |- features: detections: + file_integrity_monitoring: + enabled: false ml_policies: enabled: true posture: @@ -474,6 +498,37 @@ tests: enabled: false integration_enabled: false + - it: Enable File Integrity Monitoring + set: + features: + detections: + file_integrity_monitoring: + enabled: true + asserts: + - matchRegex: + path: data['host-shield.yaml'] + pattern: |- + features: + detections: + file_integrity_monitoring: + enabled: true + ml_policies: + enabled: false + posture: + host_posture: + enabled: false + respond: + rapid_response: + enabled: false + response_actions: + enabled: false + vulnerability_management: + host_vulnerability_management: + enabled: false + in_use: + enabled: false + integration_enabled: false + - it: Ensure Local Forwarder set: features: From c6f50a16e8de953932cec9f2199772c13a865a41 Mon Sep 17 00:00:00 2001 From: Roberto Scolaro Date: Mon, 1 Dec 2025 16:12:42 +0000 Subject: [PATCH 3/3] fix(shield): address review comments Signed-off-by: Roberto Scolaro --- charts/shield/templates/host/_configmap_helpers.tpl | 2 -- .../tests/host/configmap-dragent-yaml_test.yaml | 13 ------------- 2 files changed, 15 deletions(-) diff --git a/charts/shield/templates/host/_configmap_helpers.tpl b/charts/shield/templates/host/_configmap_helpers.tpl index 5f828b7a3..eeab7b4e3 100644 --- a/charts/shield/templates/host/_configmap_helpers.tpl +++ b/charts/shield/templates/host/_configmap_helpers.tpl 
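Review bot: The new `Enable File Integrity Monitoring` test pins the flag in `data['host-shield.yaml']`, but after this series moved the setting out of `dragent.yaml` (the dragent-side assertions were dropped rather than inverted), nothing asserts that the key is now absent from `dragent.yaml`, so a future regression that emits it in both configmaps would go unnoticed. Since the dragent and host-shield test files render different templates, the guard belongs in `configmap-dragent-yaml_test.yaml`, alongside a `set` of `features.detections.file_integrity_monitoring.enabled: true`: `- notMatchRegex:` / `    path: data['dragent.yaml']` / `    pattern: file_integrity_monitoring`. Whether helm-unittest scopes both configmaps into one test file here is not visible in this chunk, so place it wherever `data['dragent.yaml']` is already asserted.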
@@ -106,8 +106,6 @@ true (dict "enabled" .investigations.audit_tap.enabled) "drift_control" (dict "enabled" .detections.drift_control.enabled) - "file_integrity_monitoring" - (dict "enabled" .detections.file_integrity_monitoring.enabled) "jmx" (dict "enabled" (dig (include "host.monitor_key" .) "java_management_extensions" "enabled" false .)) "live_logs" diff --git a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml index ec960e796..8d688c4f7 100644 --- a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml +++ b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml @@ -780,19 +780,6 @@ tests: malware_control: enabled: true - - it: Enable File Integrity Monitoring - set: - features: - detections: - file_integrity_monitoring: - enabled: true - asserts: - - matchRegex: - path: data['dragent.yaml'] - pattern: | - file_integrity_monitoring: - enabled: true - - it: Enable Network Security set: features: