github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-13 20:05:49 +00:00
Code Issues Projects Releases Wiki Activity

chore(rules): re-enable negation of package_mgmt_procs for Write below binary dir rule

Browse Source 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato 2021-04-09 14:31:10 +00:00 committed by poiana
parent bd562a1ed9
commit 06086df21e
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/falco_rules.yaml
View File

@ -892,6 +892,7 @@
desc: an attempt to write to any file below a set of binary directories desc: an attempt to write to any file below a set of binary directories
condition: > condition: >
bin_dir and evt.dir = < and open_write bin_dir and evt.dir = < and open_write
and not package_mgmt_procs
and not exe_running_docker_save and not exe_running_docker_save
and not python_running_get_pip and not python_running_get_pip
and not python_running_ms_oms and not python_running_ms_oms