github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-13 05:22:34 +00:00
Code Issues Projects Releases Wiki Activity

Add addl bitnami conditions.

Browse Source
This commit is contained in:
Mark Stemm
2017-11-07 09:52:14 -08:00
parent 480ba4e0f8
commit 15e2d0bf7e
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@@ -464,7 +464,9 @@
proc.aname[4]=assemble))
- macro: node_running_bitnami
condition: proc.pname=node and proc.cmdline startswith "sh -c /opt/bitnami"
condition: (proc.pname=node and
(proc.cmdline startswith "sh -c /opt/bitnami" or
proc.cmdline startswith "sh -c bin/redis-server /opt/bitnami"))
- macro: node_running_threatstack
condition: proc.pcmdline startswith "node /opt/threatstack/node_modules"