Add additional node/edi command lines.

2025-06-30 16:42:14 +00:00 · 2017-08-25 08:08:02 -07:00 · 2017-08-25 08:08:02 -07:00 · 3b5f959de9
commit 3b5f959de9
parent a4d3d4d731
1 changed files with 3 additions and 1 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@ -725,7 +725,9 @@

 # Temporarily adding as an example
 - macro: node_running_edi_dynamodb
-  condition: proc.pname=node and proc.pcmdline contains /var/www/edi/process.js
+  condition: >
+    (proc.pname=node and (proc.pcmdline contains /var/www/edi/process.js or
+                          proc.pcmdline contains "sh -c /var/www/edi/bin/sftp.sh"))

 - rule: Run shell in container
  desc: a shell was spawned by a non-shell program in a container. Container entrypoints are excluded.