github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-29 08:07:24 +00:00
Code Issues Projects Releases Wiki Activity

Let git modify nssdb

Browse Source 
Let git-remote-http modify files below the nssdb.
This commit is contained in:
Mark Stemm 2017-10-09 10:37:33 -07:00
parent 1b591dc4f3
commit 0fcd01f98d
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rules/falco_rules.yaml
View File

@ -444,7 +444,10 @@
condition: (proc.name=start-fluentd and fd.name in (/etc/fluent/fluent.conf, /etc/td-agent/td-agent.conf)) condition: (proc.name=start-fluentd and fd.name in (/etc/fluent/fluent.conf, /etc/td-agent/td-agent.conf))
- macro: qualys_writing_conf_files - macro: qualys_writing_conf_files
condition: proc.name=qualys-cloud-ag and fd.name=/etc/qualys/cloud-agent/qagent-log.conf condition: (proc.name=qualys-cloud-ag and fd.name=/etc/qualys/cloud-agent/qagent-log.conf)
- macro: git_writing_nssdb
condition: (proc.cmdline="git-remote-http origin" and fd.directory=/etc/pki/nssdb)
# Add conditions to this macro (probably in a separate file, # Add conditions to this macro (probably in a separate file,
# overwriting this macro) to allow for specific combinations of # overwriting this macro) to allow for specific combinations of
@ -484,6 +487,7 @@
and not run_by_centrify and not run_by_centrify
and not run_by_adclient and not run_by_adclient
and not qualys_writing_conf_files and not qualys_writing_conf_files
and not git_writing_nssdb
- rule: Write below etc - rule: Write below etc
desc: an attempt to write to any file below /etc, not in a pipe installer session desc: an attempt to write to any file below /etc, not in a pipe installer session