From 66c9632c9bf7d6e6c2c8b0b58b1a26010e973419 Mon Sep 17 00:00:00 2001
From: Andon Andonov <andonova@vmware.com>
Date: Thu, 12 Oct 2023 10:57:56 +0300
Subject: [PATCH] vdk-audit: Clean up some audit events

The list of forbidden events that the vdk-audit plugin looks for, is unreasonably restricted by default.
Most of the operations would not affect the security of a cluster or other client operations.

This change removes some events.

Testing Done: N/A, configuration change

Signed-off-by: Andon Andonov <andonova@vmware.com>
---
 .../vdk-audit/src/vdk/plugin/audit/audit_config.py        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/projects/vdk-plugins/vdk-audit/src/vdk/plugin/audit/audit_config.py b/projects/vdk-plugins/vdk-audit/src/vdk/plugin/audit/audit_config.py
index 488309cb85..8a879860e1 100644
--- a/projects/vdk-plugins/vdk-audit/src/vdk/plugin/audit/audit_config.py
+++ b/projects/vdk-plugins/vdk-audit/src/vdk/plugin/audit/audit_config.py
@@ -7,11 +7,11 @@
 AUDIT_HOOK_EXIT_ON_FORBIDDEN_EVENT = "EXIT_ON_FORBIDDEN_EVENT"
 AUDIT_HOOK_EXIT_CODE = "EXIT_CODE"
 AUDIT_HOOK_FORBIDDEN_EVENTS_LIST_DEFAULT = (
-    "os.system;os.chdir;os.chflags;os.chmod;os.chown;os.fork;"
-    "os.forkpty;os.getxattr;os.kill;os.killpg;os.link;os.listxattr;"
+    "os.system;os.chdir;os.chflags;os.chown;os.fork;"
+    "os.forkpty;os.getxattr;os.killpg;os.link;os.listxattr;"
     "os.lockf;os.posix_spawn;os.putenv;os.removexattr;os.rmdir;"
-    "os.scandir;os.setxattr;os.spawn;os.startfile;os.symlink;"
-    "os.truncate;os.unsetenv;os.utime;pty.spawn;os.spawn;"
+    "os.setxattr;os.spawn;os.startfile;os.symlink;"
+    "os.truncate;os.unsetenv;pty.spawn;os.spawn;"
     "os.posix_spawn;subprocess.run"
 )