mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-06 03:16:46 +00:00
tests: fix rule paths
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
This commit is contained in:
Andrea Terzolo
poiana
parent
0918cd0c54
commit
059a28184d
@ -21,7 +21,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/engine_v4/allow_only_apache_container.yaml
|
||||
detect_counts:
|
||||
@ -33,7 +33,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/engine_v4/allow_nginx_container.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -44,7 +44,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Create Privileged Pod: 1
|
||||
@ -55,7 +55,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/trust_nginx_container.yaml
|
||||
@ -66,7 +66,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unprivileged.json
|
||||
@ -76,7 +76,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Create HostNetwork Pod: 1
|
||||
@ -87,7 +87,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/trust_nginx_container.yaml
|
||||
@ -99,7 +99,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/allow_namespace_foo.yaml
|
||||
detect_counts:
|
||||
@ -111,7 +111,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/allow_namespace_foo.yaml
|
||||
- ./rules/k8s_audit/allow_user_some-user.yaml
|
||||
@ -124,7 +124,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/allow_only_apache_container.yaml
|
||||
detect_counts:
|
||||
@ -136,7 +136,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/allow_nginx_container.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -147,7 +147,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Create Privileged Pod: 1
|
||||
@ -159,7 +159,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Create Privileged Pod: 1
|
||||
@ -171,7 +171,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Create Privileged Pod: 1
|
||||
@ -182,7 +182,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/trust_nginx_container.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -192,7 +192,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unprivileged.json
|
||||
@ -201,7 +201,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/trust_nginx_container.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -212,7 +212,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Create Sensitive Mount Pod: 1
|
||||
@ -224,7 +224,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Create Sensitive Mount Pod: 1
|
||||
@ -235,7 +235,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/trust_nginx_container.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -245,7 +245,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unsensitive_mount.json
|
||||
@ -254,7 +254,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/trust_nginx_container.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -265,7 +265,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Create HostNetwork Pod: 1
|
||||
@ -276,7 +276,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/trust_nginx_container.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -286,7 +286,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_nohostnetwork.json
|
||||
@ -295,7 +295,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/trust_nginx_container.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -306,7 +306,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/disallow_kactivity.yaml
|
||||
detect_counts:
|
||||
@ -318,7 +318,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/disallow_kactivity.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -329,7 +329,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/disallow_kactivity.yaml
|
||||
detect_counts:
|
||||
@ -341,7 +341,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/disallow_kactivity.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
@ -352,7 +352,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Anonymous Request Allowed: 1
|
||||
@ -364,7 +364,7 @@ trace_files: !mux
|
||||
detect_level: NOTICE
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Attach/Exec Pod: 1
|
||||
@ -376,7 +376,7 @@ trace_files: !mux
|
||||
detect_level: NOTICE
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Attach/Exec Pod: 1
|
||||
@ -388,7 +388,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/allow_user_some-user.yaml
|
||||
detect_counts:
|
||||
@ -400,7 +400,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/allow_namespace_foo.yaml
|
||||
- ./rules/k8s_audit/disallow_kactivity.yaml
|
||||
@ -412,7 +412,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Pod Created in Kube Namespace: 1
|
||||
@ -424,7 +424,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Pod Created in Kube Namespace: 1
|
||||
@ -436,7 +436,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Service Account Created in Kube Namespace: 1
|
||||
@ -448,7 +448,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Service Account Created in Kube Namespace: 1
|
||||
@ -460,7 +460,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- System ClusterRole Modified/Deleted: 1
|
||||
@ -472,7 +472,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- System ClusterRole Modified/Deleted: 1
|
||||
@ -484,7 +484,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- Attach to cluster-admin Role: 1
|
||||
@ -496,7 +496,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- ClusterRole With Wildcard Created: 1
|
||||
@ -508,7 +508,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- ClusterRole With Wildcard Created: 1
|
||||
@ -520,7 +520,7 @@ trace_files: !mux
|
||||
detect_level: NOTICE
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- ClusterRole With Write Privileges Created: 1
|
||||
@ -532,7 +532,7 @@ trace_files: !mux
|
||||
detect_level: WARNING
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- ClusterRole With Pod Exec Created: 1
|
||||
@ -544,7 +544,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Deployment Created: 1
|
||||
@ -556,7 +556,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Deployment Deleted: 1
|
||||
@ -568,7 +568,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Service Created: 1
|
||||
@ -580,7 +580,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Service Deleted: 1
|
||||
@ -592,7 +592,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s ConfigMap Created: 1
|
||||
@ -604,7 +604,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s ConfigMap Deleted: 1
|
||||
@ -616,7 +616,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
- ./rules/k8s_audit/allow_namespace_foo.yaml
|
||||
- ./rules/k8s_audit/allow_user_some-user.yaml
|
||||
@ -630,7 +630,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Namespace Deleted: 1
|
||||
@ -642,7 +642,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Serviceaccount Created: 1
|
||||
@ -654,7 +654,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Serviceaccount Deleted: 1
|
||||
@ -666,7 +666,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Role/Clusterrole Created: 1
|
||||
@ -678,7 +678,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Role/Clusterrole Deleted: 1
|
||||
@ -690,7 +690,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Role/Clusterrolebinding Created: 1
|
||||
@ -702,7 +702,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Role/Clusterrolebinding Deleted: 1
|
||||
@ -714,7 +714,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Secret Created: 1
|
||||
@ -727,7 +727,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_service_account_token_secret.json
|
||||
@ -737,7 +737,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_kube_system_secret.json
|
||||
@ -747,7 +747,7 @@ trace_files: !mux
|
||||
detect_level: INFO
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Secret Deleted: 1
|
||||
@ -758,7 +758,7 @@ trace_files: !mux
|
||||
detect: False
|
||||
enable_source: k8s_audit
|
||||
rules_file:
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
|
||||
- BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
|
||||
- BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/fal_01_003.json
|
||||
@ -773,4 +773,4 @@ trace_files: !mux
|
||||
detect_counts:
|
||||
- json_pointer_example: 1
|
||||
conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
|
||||
addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unprivileged.json
|
||||
addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unprivileged.json
|
||||
|
||||
@ -99,7 +99,7 @@ class FalcoTest(Test):
|
||||
self.addl_cmdline_opts = self.params.get('addl_cmdline_opts', '*', default='')
|
||||
self.enable_source = self.params.get('enable_source', '*', default='')
|
||||
self.rules_file = self.params.get(
|
||||
'rules_file', '*', default='BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml')
|
||||
'rules_file', '*', default='BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml')
|
||||
|
||||
if not isinstance(self.rules_file, list):
|
||||
self.rules_file = [self.rules_file]
|
||||
|
||||
Loading…
Reference in New Issue
Block a user