rules(list user_known_sa_list): revert as an empty list for user overwrite
rules(list known_sa_list): list of known sa moved here from user_known_sa_list Signed-off-by: Lorenzo Fontana <lo@linux.com>
This commit is contained in:
parent
abc79fb548
commit
35fe14e691
@ -347,12 +347,15 @@
|
|||||||
tags: [k8s]
|
tags: [k8s]
|
||||||
|
|
||||||
- list: user_known_sa_list
|
- list: user_known_sa_list
|
||||||
|
items: []
|
||||||
|
|
||||||
|
- list: known_sa_list
|
||||||
items: ["pod-garbage-collector","resourcequota-controller","cronjob-controller","generic-garbage-collector",
|
items: ["pod-garbage-collector","resourcequota-controller","cronjob-controller","generic-garbage-collector",
|
||||||
"daemon-set-controller","endpointslice-controller","deployment-controller", "replicaset-controller",
|
"daemon-set-controller","endpointslice-controller","deployment-controller", "replicaset-controller",
|
||||||
"endpoint-controller"]
|
"endpoint-controller"]
|
||||||
|
|
||||||
- macro: trusted_sa
|
- macro: trusted_sa
|
||||||
condition: (ka.target.name in (user_known_sa_list))
|
condition: (ka.target.name in (known_sa_list, user_known_sa_list))
|
||||||
|
|
||||||
# Detect creating a service account in the kube-system/kube-public namespace
|
# Detect creating a service account in the kube-system/kube-public namespace
|
||||||
- rule: Service Account Created in Kube Namespace
|
- rule: Service Account Created in Kube Namespace
|
||||||
|
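Review bot: The now-empty `user_known_sa_list` is the only place users are expected to add trusted service accounts, yet nothing in the rules file says so; a comment above it such as `# user_known_sa_list: empty by default, append service accounts you trust in your own rules file; the defaults live in known_sa_list` would make the split between the two lists self-explanatory. Separately, `trusted_sa` still matches on `ka.target.name` alone, so a service account bearing one of the listed controller names is treated as trusted regardless of the namespace it is created in. The rule that starts on the hunk's last line has its condition outside the hunk, so it is not visible whether a namespace constraint is applied there; if it is not, narrowing the macro with a namespace check would tighten this allowlist.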