Release v0.13.3 (#412)

step-security · Jun 15, 2023 · de3a03e · de3a03e
1 parent bf2b016
commit de3a03e
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/dnsproxy.go b/dnsproxy.go
@@ -158,7 +158,7 @@ func (proxy *DNSProxy) ResolveDomain(domain string) (*Answer, error) {
 		}
 	}
 
-	return nil, fmt.Errorf("unable to resolve domain %s", domain)
+	return nil, fmt.Errorf("unable to resolve domain %s, status %d", domain, dnsReponse.Status)
 }
 
 func getDomainFromCloudAppFormat(domain string) string {
@@ -217,7 +217,7 @@ func (proxy *DNSProxy) getIPByDomain(domain string) (string, error) {
 
 	answer, err := proxy.ResolveDomain(domain)
 	if err != nil {
-		go WriteLog(fmt.Sprintf("unable to resolve domain: %s", domain))
+		go WriteLog(fmt.Sprintf("unable to resolve domain: %s err: %v", domain, err))
 		return "", fmt.Errorf("error in response from dns.google %v", err)
 	}
 

diff --git a/eventhandler.go b/eventhandler.go
@@ -189,7 +189,11 @@ func (eventHandler *EventHandler) handleNetworkEvent(event *Event) {
 			}
 			reverseLookUp := eventHandler.DNSProxy.GetReverseIPLookup(event.IPAddress)
 			eventHandler.ApiClient.sendNetConnection(eventHandler.CorrelationId, eventHandler.Repo, event.IPAddress, event.Port, reverseLookUp, "", event.Timestamp, tool)
-			WriteLog(fmt.Sprintf("endpoint called ip address:port %s:%s, domain: %s", event.IPAddress, event.Port, reverseLookUp))
+			process := ""
+			if image == "" {
+				process = tool.Name
+			}
+			WriteLog(fmt.Sprintf("endpoint called ip address:port %s:%s, domain: %s, pid: %s, process: %s", event.IPAddress, event.Port, reverseLookUp, event.Pid, process))
 			eventHandler.ProcessConnectionMap[cacheKey] = true
 		}
 	}

diff --git a/firewall.go b/firewall.go
@@ -24,6 +24,7 @@ const (
 	accept                    = "ACCEPT"
 	reject                    = "REJECT"
 	dnsServerIP               = "8.8.8.8"
+	dnsServerIP2              = "8.8.4.4"
 	classAPrivateAddressRange = "10.0.0.0/8"
 	classBPrivateAddressRange = "172.16.0.0/12"
 	classCPrivateAddressRange = "192.168.0.0/16"
@@ -95,6 +96,14 @@ func addBlockRules(firewall *Firewall, endpoints []ipAddressEndpoint, chain, net
 		return errors.Wrap(err, "failed to add rule")
 	}
 
+	// Allow 8.8.4.4 for dns
+	err = ipt.Append(filterTable, chain, direction, netInterface, protocol, tcp,
+		destination, dnsServerIP2, target, accept)
+
+	if err != nil {
+		return errors.Wrap(err, "failed to add rule")
+	}
+
 	// Allow AzureIPAddress
 	err = ipt.Append(filterTable, chain, direction, netInterface, protocol, tcp,
 		destination, AzureIPAddress, target, accept)