From 2e97d0e27ca1647e3da86a86afd8cf90e8cb2ff1 Mon Sep 17 00:00:00 2001
From: Leonardo Di Donato
Date: Fri, 9 Apr 2021 14:50:32 +0000
Subject: [PATCH] chore(rules): cleanup old macros
Co-authored-by: Lorenzo Fontana
Co-authored-by: Leonardo Grasso
Signed-off-by: Leonardo Di Donato
---
 rules/falco_rules.yaml | 25 -------------------------
 1 file changed, 25 deletions(-)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 5cd36c4c..399fd952 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -538,11 +538,6 @@
 - macro: system_users
 condition: user.name in (bin, daemon, games, lp, mail, nobody, sshd, sync, uucp, www-data)
-- macro: parent_python_running_sdchecks
- condition: >
- (proc.pname in (python, python2.7) and
- (proc.pcmdline contains /opt/draios/bin/sdchecks))
-
 - macro: python_running_sdchecks
 condition: >
 (proc.name in (python, python2.7) and
@@ -1759,13 +1754,6 @@
 - list: trusted_images
 items: []
-# NOTE: This macro is only provided for backwards compatibility with
-# older local falco rules files that may have been appending to
-# trusted_images. To make customizations, it's better to add containers to
-# user_trusted_containers, user_privileged_containers or user_sensitive_mount_containers.
-- macro: trusted_containers
- condition: (container.image.repository in (trusted_images))
-
 # Add conditions to this macro (probably in a separate file,
 # overwriting this macro) to specify additional containers that are
 # trusted and therefore allowed to run privileged *and* with sensitive
@@ -1832,12 +1820,6 @@
 - macro: user_privileged_containers
 condition: (never_true)
-- list: rancher_images
- items: [
- rancher/network-manager, rancher/dns, rancher/agent,
- rancher/lb-service-haproxy, rancher/metadata, rancher/healthcheck
- ]
-
 # These container images are allowed to mount sensitive paths from the
 # host filesystem.
 - list: falco_sensitive_mount_images
@@ -2849,10 +2831,6 @@
 - macro: enabled_rule_network_only_subnet
 condition: (never_true)
-# Images that are allowed to have outbound traffic
-- list: images_allow_network_outside_subnet
- items: []
-
 # Namespaces where the rule is enforce
 - list: namespace_scope_network_only_subnet
 items: []
@@ -2892,9 +2870,6 @@
 - list: allowed_image
 items: [] # add image to monitor, i.e.: bitnami/nginx
-- list: authorized_server_binaries
- items: [] # add binary to allow, i.e.: nginx
-
 - list: authorized_server_port
 items: [] # add port to allow, i.e.: 80