Add keepalived to list of shell spawning binaries.
sysdig-CLA-1.0-signed-off-by: Daniel Kerwin <daniel@gini.net>
dkerwin committed Sep 4, 2017
1 parent 240a8ff commit 598cbbe
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion rules/falco_rules.yaml
Expand Up @@ -205,6 +205,9 @@
- list: make_binaries
items: [make, gmake, cmake]

- list: keepalived_binaries
items: [keepalived]

- macro: sensitive_files
condition: >
fd.name startswith /etc and
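
Review bot: the new keepalived_binaries list has no comment saying why keepalived is expected to spawn shells. A short comment above `- list: keepalived_binaries` (for example, that keepalived runs its notify and check scripts through a shell) would let a later reader judge whether the exception is still needed. The rule condition changed in the next hunk already references known_shell_spawn_binaries, so it is also worth stating why a dedicated single-item list is preferred over adding keepalived there.
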
Expand Down Expand Up @@ -484,7 +487,7 @@
and proc.pname exists
and not proc.pname in (cron_binaries, shell_binaries, make_binaries, known_shell_spawn_binaries, docker_binaries,
k8s_binaries, package_mgmt_binaries, aide_wrapper_binaries, nids_binaries,
monitoring_binaries, gitlab_binaries, mesos_slave_binaries)
monitoring_binaries, gitlab_binaries, mesos_slave_binaries, keepalived_binaries)
and not parent_ansible_running_python
and not parent_bro_running_python
and not parent_python_running_denyhosts
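
Review bot: the keepalived_binaries entry added to the `not proc.pname in (...)` clause exempts on the parent process name alone, so a shell whose parent is named keepalived is never reported by this rule, including on hosts where keepalived is not installed. Consider narrowing the exception with a named macro that also constrains what the spawned shell runs, in the style of the parent_ansible_running_python exceptions that follow, or document that deployments without keepalived should empty the list. The changed line also extends an already long item list; breaking it after mesos_slave_binaries would keep it readable.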