github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-26 06:42:08 +00:00
Code Issues Projects Releases Wiki Activity

spelling: multitrailing

Browse Source 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
This commit is contained in:
Josh Soref 2022-02-24 01:48:07 -05:00 committed by poiana
parent d685e0967a
commit 35d0f0603f
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
test/falco_tests.yaml
View File

@ -44,8 +44,8 @@ trace_files: !mux
- not_equals_after_evttype: [execve]
- not_after_evttype: [execve]
- leading_trailing_evttypes: [execve,open]
- leading_multtrailing_evttypes: [connect,execve,open]
- leading_multtrailing_evttypes_using_in: [connect,execve,open]
- leading_multitrailing_evttypes: [connect,execve,open]
- leading_multitrailing_evttypes_using_in: [connect,execve,open]
- not_equals_at_end: [all]
- not_at_end: [all]
- not_before_trailing_evttype: [all]

4
test/rules/falco_rules_warnings.yaml
View File

@ -56,13 +56,13 @@
output: "None"
priority: WARNING
- rule: leading_multtrailing_evttypes
- rule: leading_multitrailing_evttypes
desc: one evttype at beginning, multiple at end
condition: evt.type=execve and proc.name=foo or evt.type=open or evt.type=connect
output: "None"
priority: WARNING
- rule: leading_multtrailing_evttypes_using_in
- rule: leading_multitrailing_evttypes_using_in
desc: one evttype at beginning, multiple at end, using in
condition: evt.type=execve and proc.name=foo or evt.type in (open, connect)
output: "None"