mirror of
https://github.com/falcosecurity/falco.git
synced 2025-06-26 14:52:20 +00:00
spelling: expand
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
This commit is contained in:
Josh Soref
poiana
parent
4a8bec09d7
commit
19ab9e5f35
@ -366,7 +366,7 @@
|
|||||||
tags: [k8s]
|
tags: [k8s]
|
||||||
|
|
||||||
# Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
# Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
||||||
# (exapand this to any built-in cluster role that does "sensitive" things)
|
# (expand this to any built-in cluster role that does "sensitive" things)
|
||||||
- rule: Attach to cluster-admin Role
|
- rule: Attach to cluster-admin Role
|
||||||
desc: Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
desc: Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
||||||
condition: kevt and clusterrolebinding and kcreate and ka.req.binding.role=cluster-admin
|
condition: kevt and clusterrolebinding and kcreate and ka.req.binding.role=cluster-admin
|
||||||
|
|||||||
@ -246,7 +246,7 @@
|
|||||||
tags: [k8s]
|
tags: [k8s]
|
||||||
|
|
||||||
# Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
# Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
||||||
# (exapand this to any built-in cluster role that does "sensitive" things)
|
# (expand this to any built-in cluster role that does "sensitive" things)
|
||||||
- rule: Attach to cluster-admin Role
|
- rule: Attach to cluster-admin Role
|
||||||
desc: Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
desc: Detect any attempt to create a ClusterRoleBinding to the cluster-admin user
|
||||||
condition: kevt and clusterrolebinding and kcreate and ka.req.binding.role=cluster-admin
|
condition: kevt and clusterrolebinding and kcreate and ka.req.binding.role=cluster-admin
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user