github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 08:32:12 +00:00
Code Issues Projects Releases Wiki Activity

Add addl shell spawn conditions

Browse Source 
flock can spawn shells, new allowed shell cmdline.
This commit is contained in:
Mark Stemm 2017-11-08 13:41:43 -08:00
parent 2cbff6ff70
commit 2467766f07
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rules/falco_rules.yaml
View File

@ -1058,6 +1058,7 @@
'"sh -c getconf CLK_TCK"', '"sh -c getconf CLK_TCK"',
'"sh -c getconf PAGESIZE"', '"sh -c getconf PAGESIZE"',
'"sh -c LC_ALL=C LANG=C /sbin/ldconfig -p 2>/dev/null"', '"sh -c LC_ALL=C LANG=C /sbin/ldconfig -p 2>/dev/null"',
'"sh -c LANG=C /sbin/ldconfig -p 2>/dev/null"',
'"sh -c /sbin/ldconfig -p 2>/dev/null"', '"sh -c /sbin/ldconfig -p 2>/dev/null"',
'"sh -c stty -a 2>/dev/null"', '"sh -c stty -a 2>/dev/null"',
'"sh -c node index.js"', '"sh -c node index.js"',
@ -1133,7 +1134,7 @@
runsv, supervisord, varnishd, crond, logrotate, timeout, tini, runsv, supervisord, varnishd, crond, logrotate, timeout, tini,
xrdb, xfce4-session, weave, logdna-agent, bundle, configure, luajit, nginx, xrdb, xfce4-session, weave, logdna-agent, bundle, configure, luajit, nginx,
beam.smp, paster, postfix-local, hawkular-metric, fluentd, x2gormforward, beam.smp, paster, postfix-local, hawkular-metric, fluentd, x2gormforward,
'"[celeryd:"') '"[celeryd:"', flock)
and not trusted_containers and not trusted_containers
and not shell_spawning_containers and not shell_spawning_containers
and not parent_java_running_echo and not parent_java_running_echo