mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-30 21:55:56 +00:00
chore(rules): add renameat2 to rename macro
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso
poiana
parent
ff77a36a03
commit
1f1f7c16b6
@ -55,11 +55,12 @@
|
||||
- macro: proc_name_exists
|
||||
condition: (proc.name!="<NA>")
|
||||
|
||||
# todo(leogr): we miss "renameat2", but it's not yet supported by sinsp
|
||||
- macro: rename
|
||||
condition: evt.type in (rename, renameat)
|
||||
condition: evt.type in (rename, renameat, renameat2)
|
||||
|
||||
- macro: mkdir
|
||||
condition: evt.type in (mkdir, mkdirat)
|
||||
|
||||
- macro: remove
|
||||
condition: evt.type in (rmdir, unlink, unlinkat)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user