Let needrestart run shells.

https://github.com/liske/needrestart
2025-08-20 23:33:22 +00:00 · 2017-08-11 15:40:31 -07:00 · 2017-08-11 15:40:31 -07:00 · 1f008d6c39
commit 1f008d6c39
parent dc44655ec2
1 changed files with 6 additions and 1 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@ -279,6 +279,10 @@
 - list: cron_binaries
  items: [anacron, cron, crond]

+# https://github.com/liske/needrestart
+- list: needrestart_binaries
+  items: [needrestart, 10-dpkg, 20-rpm, 30-pacman]
+
 # System users that should never log into a system. Consider adding your own
 # service users (e.g. 'apache' or 'mysqld') here.
 - macro: system_users
@ -533,7 +537,7 @@
    and proc.pname exists
    and not proc.pname in (cron_binaries, shell_binaries, make_binaries, known_shell_spawn_binaries, docker_binaries,
                           k8s_binaries, package_mgmt_binaries, aide_wrapper_binaries, nids_binaries,
-                           monitoring_binaries, gitlab_binaries, mesos_slave_binaries, keepalived_binaries)
+                           monitoring_binaries, gitlab_binaries, mesos_slave_binaries, keepalived_binaries, needrestart_binaries)
    and not parent_ansible_running_python
    and not parent_bro_running_python
    and not parent_python_running_denyhosts
@ -668,6 +672,7 @@
    and not proc.pname in (shell_binaries, make_binaries, docker_binaries, k8s_binaries, package_mgmt_binaries,
                           lxd_binaries, mesos_slave_binaries, aide_wrapper_binaries, nids_binaries,
                           user_known_container_shell_spawn_binaries,
+                           needrestart_binaries,
                           monitoring_binaries, gitlab_binaries, initdb, pg_ctl, awk, falco, cron,
                           erl_child_setup, ceph, PM2, pycompile, py3compile, hhvm, npm, mysql_install_d, serf,
                           runsv, supervisord, varnishd, crond)