github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-21 15:53:27 +00:00
Code Issues Projects Releases Wiki Activity

Let needrestart run shells.

Browse Source 
https://github.com/liske/needrestart
This commit is contained in:
Mark Stemm 2017-08-11 15:40:31 -07:00
parent dc44655ec2
commit 1f008d6c39
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
rules/falco_rules.yaml
View File

@ -279,6 +279,10 @@
- list: cron_binaries - list: cron_binaries
items: [anacron, cron, crond] items: [anacron, cron, crond]
# https://github.com/liske/needrestart
- list: needrestart_binaries
items: [needrestart, 10-dpkg, 20-rpm, 30-pacman]
# System users that should never log into a system. Consider adding your own # System users that should never log into a system. Consider adding your own
# service users (e.g. 'apache' or 'mysqld') here. # service users (e.g. 'apache' or 'mysqld') here.
- macro: system_users - macro: system_users
@ -533,7 +537,7 @@
and proc.pname exists and proc.pname exists
and not proc.pname in (cron_binaries, shell_binaries, make_binaries, known_shell_spawn_binaries, docker_binaries, and not proc.pname in (cron_binaries, shell_binaries, make_binaries, known_shell_spawn_binaries, docker_binaries,
k8s_binaries, package_mgmt_binaries, aide_wrapper_binaries, nids_binaries, k8s_binaries, package_mgmt_binaries, aide_wrapper_binaries, nids_binaries,
monitoring_binaries, gitlab_binaries, mesos_slave_binaries, keepalived_binaries) monitoring_binaries, gitlab_binaries, mesos_slave_binaries, keepalived_binaries, needrestart_binaries)
and not parent_ansible_running_python and not parent_ansible_running_python
and not parent_bro_running_python and not parent_bro_running_python
and not parent_python_running_denyhosts and not parent_python_running_denyhosts
@ -668,6 +672,7 @@
and not proc.pname in (shell_binaries, make_binaries, docker_binaries, k8s_binaries, package_mgmt_binaries, and not proc.pname in (shell_binaries, make_binaries, docker_binaries, k8s_binaries, package_mgmt_binaries,
lxd_binaries, mesos_slave_binaries, aide_wrapper_binaries, nids_binaries, lxd_binaries, mesos_slave_binaries, aide_wrapper_binaries, nids_binaries,
user_known_container_shell_spawn_binaries, user_known_container_shell_spawn_binaries,
needrestart_binaries,
monitoring_binaries, gitlab_binaries, initdb, pg_ctl, awk, falco, cron, monitoring_binaries, gitlab_binaries, initdb, pg_ctl, awk, falco, cron,
erl_child_setup, ceph, PM2, pycompile, py3compile, hhvm, npm, mysql_install_d, serf, erl_child_setup, ceph, PM2, pycompile, py3compile, hhvm, npm, mysql_install_d, serf,
runsv, supervisord, varnishd, crond) runsv, supervisord, varnishd, crond)