mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-22 03:49:36 +00:00
spelling: expand
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
This commit is contained in:
Josh Soref
poiana
@@ -366,7 +366,7 @@
|
|||||||
tags: [k8s]
|
tags: [k8s]
|
||||||
|
|
||||||
# Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
# Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
||||||
# (exapand this to any built-in cluster role that does "sensitive" things)
|
# (expand this to any built-in cluster role that does "sensitive" things)
|
||||||
- rule: Attach to cluster-admin Role
|
- rule: Attach to cluster-admin Role
|
||||||
desc: Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
desc: Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
||||||
condition: kevt and clusterrolebinding and kcreate and ka.req.binding.role=cluster-admin
|
condition: kevt and clusterrolebinding and kcreate and ka.req.binding.role=cluster-admin
|
||||||
|
|||||||
@@ -246,7 +246,7 @@
|
|||||||
tags: [k8s]
|
tags: [k8s]
|
||||||
|
|
||||||
# Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
# Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
||||||
# (exapand this to any built-in cluster role that does "sensitive" things)
|
# (expand this to any built-in cluster role that does "sensitive" things)
|
||||||
- rule: Attach to cluster-admin Role
|
- rule: Attach to cluster-admin Role
|
||||||
desc: Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
desc: Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
||||||
condition: kevt and clusterrolebinding and kcreate and ka.req.binding.role=cluster-admin
|
condition: kevt and clusterrolebinding and kcreate and ka.req.binding.role=cluster-admin
|
||||||
|
|||||||
Reference in New Issue
Block a user