github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-09 10:07:57 +00:00
Code Issues Projects Releases Wiki Activity

Update rules/falco_rules.yaml to delete enabled field

Browse Source 
Co-authored-by: schie <77834235+darryk10@users.noreply.github.com>
Signed-off-by: Hi120ki <12624257+hi120ki@users.noreply.github.com>
This commit is contained in:
Hi120ki 2022-09-09 16:52:30 +09:00 committed by poiana
parent 39de011751
commit 36a08aee13
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/falco_rules.yaml
View File

@ -3227,7 +3227,6 @@
condition: > condition: >
container and open_read and (fd.name glob /proc/*/environ) container and open_read and (fd.name glob /proc/*/environ)
and not proc.name in (known_binaries_to_read_environment_variables_from_proc_files) and not proc.name in (known_binaries_to_read_environment_variables_from_proc_files)
enabled: true
output: > output: >
Environment variables were retrieved from /proc files (user=%user.name user_loginuid=%user.loginuid program=%proc.name Environment variables were retrieved from /proc files (user=%user.name user_loginuid=%user.loginuid program=%proc.name
command=%proc.cmdline file=%fd.name parent=%proc.pname gparent=%proc.aname[2] ggparent=%proc.aname[3] gggparent=%proc.aname[4] container_id=%container.id image=%container.image.repository) command=%proc.cmdline file=%fd.name parent=%proc.pname gparent=%proc.aname[2] ggparent=%proc.aname[3] gggparent=%proc.aname[4] container_id=%container.id image=%container.image.repository)