From 27037e64cce446ee8c7a88d50133cd83601ea984 Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Fri, 26 Jun 2020 12:40:28 +0200 Subject: [PATCH] chore(rules): remove redundant condition from `root_dir` macro Signed-off-by: Leonardo Grasso --- rules/falco_rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml index 5a5f47c6..55b4be28 100644 --- a/rules/falco_rules.yaml +++ b/rules/falco_rules.yaml @@ -110,7 +110,7 @@ # This detects writes immediately below / or any write anywhere below /root - macro: root_dir - condition: ((fd.directory=/ or fd.name startswith /root/) and fd.name contains "/") + condition: (fd.directory=/ or fd.name startswith /root/) - list: shell_binaries items: [ash, bash, csh, ksh, sh, tcsh, zsh, dash]