github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-21 09:59:40 +00:00
Code Issues Projects Releases Wiki Activity

Let ruby running pups spawn shells

Browse Source
This commit is contained in:
Mark Stemm 2017-11-10 12:08:35 -08:00
parent e51fbd6569
commit 109f86cd85
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
rules/falco_rules.yaml
View File

@ -569,6 +569,9 @@
- macro: parent_ruby_running_discourse - macro: parent_ruby_running_discourse
condition: (proc.pcmdline startswith "ruby /var/www/discourse/vendor/bundle/ruby") condition: (proc.pcmdline startswith "ruby /var/www/discourse/vendor/bundle/ruby")
- macro: parent_ruby_running_pups
condition: (proc.pcmdline startswith "ruby /pups/bin/pups")
- macro: pki_realm_writing_realms - macro: pki_realm_writing_realms
condition: (proc.cmdline startswith "bash /usr/local/lib/pki/pki-realm" and fd.name startswith /etc/pki/realms) condition: (proc.cmdline startswith "bash /usr/local/lib/pki/pki-realm" and fd.name startswith /etc/pki/realms)
@ -920,6 +923,7 @@
and not parent_java_running_appdynamics and not parent_java_running_appdynamics
and not parent_cpanm_running_perl and not parent_cpanm_running_perl
and not parent_ruby_running_discourse and not parent_ruby_running_discourse
and not parent_ruby_running_pups
and not assemble_running_php and not assemble_running_php
and not node_running_bitnami and not node_running_bitnami
and not node_running_threatstack and not node_running_threatstack
@ -1177,6 +1181,7 @@
and not parent_running_datastax and not parent_running_datastax
and not ics_running_java and not ics_running_java
and not parent_ruby_running_discourse and not parent_ruby_running_discourse
and not parent_ruby_running_pups
and not assemble_running_php and not assemble_running_php
and not node_running_bitnami and not node_running_bitnami
and not node_running_threatstack and not node_running_threatstack