github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-31 06:10:45 +00:00
Code Issues Projects Releases Wiki Activity

chore(rules): remove redundant condition from root_dir macro

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso
2020-06-26 12:40:28 +02:00
committed by poiana
parent 1859552834
commit 27037e64cc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@@ -110,7 +110,7 @@
# This detects writes immediately below / or any write anywhere below /root # This detects writes immediately below / or any write anywhere below /root
- macro: root_dir - macro: root_dir
condition: ((fd.directory=/ or fd.name startswith /root/) and fd.name contains "/") condition: (fd.directory=/ or fd.name startswith /root/)
- list: shell_binaries - list: shell_binaries
items: [ash, bash, csh, ksh, sh, tcsh, zsh, dash] items: [ash, bash, csh, ksh, sh, tcsh, zsh, dash]