github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-02 23:26:24 +00:00
Code Issues Projects Releases Wiki Activity

Allow Ansible to run using Python 3 (#625)

Browse Source 
Some newer distros default to Python 3 by default, not 2, which causes Ansible to trigger these rules.

falco-CLA-1.0-contributing-entity: 1500 Services Ltd
falco-CLA-1.0-signed-off-by: Chris Northwood <chris.northwood@1500cloud.com>
This commit is contained in:
Chris Northwood
2019-06-05 19:28:49 +01:00
committed by Mark Stemm
parent 7a56f1c2d9
commit 24b4d83eec
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@@ -528,7 +528,7 @@
# compatiblity with some widely used rules files.
# Begin Deprecated
- macro: parent_ansible_running_python
condition: (proc.pname in (python, pypy) and proc.pcmdline contains ansible)
condition: (proc.pname in (python, pypy, python3) and proc.pcmdline contains ansible)
- macro: parent_bro_running_python
condition: (proc.pname=python and proc.cmdline contains /usr/share/broctl)
@@ -610,7 +610,7 @@
## End Deprecated
- macro: ansible_running_python
condition: (proc.name in (python, pypy) and proc.cmdline contains ansible)
condition: (proc.name in (python, pypy, python3) and proc.cmdline contains ansible)
- macro: python_running_chef
condition: (proc.name=python and (proc.cmdline contains yum-dump.py or proc.cmdline="python /usr/bin/chef-monitor.py"))