github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-01 09:02:18 +00:00
Code Issues Projects Releases Wiki Activity

Add additional node/edi command lines.

Browse Source
This commit is contained in:
Mark Stemm 2017-08-25 08:08:02 -07:00
parent a4d3d4d731
commit 3b5f959de9
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@ -725,7 +725,9 @@
# Temporarily adding as an example # Temporarily adding as an example
- macro: node_running_edi_dynamodb - macro: node_running_edi_dynamodb
condition: proc.pname=node and proc.pcmdline contains /var/www/edi/process.js condition: >
(proc.pname=node and (proc.pcmdline contains /var/www/edi/process.js or
proc.pcmdline contains "sh -c /var/www/edi/bin/sftp.sh"))
- rule: Run shell in container - rule: Run shell in container
desc: a shell was spawned by a non-shell program in a container. Container entrypoints are excluded. desc: a shell was spawned by a non-shell program in a container. Container entrypoints are excluded.