github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-13 06:24:29 +00:00
Code Issues Projects Releases Wiki Activity

Let fluentd write multiple files

Browse Source 
Rename fluentd_writing_fluentd_conf to fluentd_writing_conf_files and
add additional files that it can modify below /etc.
This commit is contained in:
Mark Stemm 2017-08-24 10:25:34 -07:00
parent 42167e53cc
commit 46f993fa40
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rules/falco_rules.yaml
View File

@ -397,8 +397,8 @@
- list: safe_etc_dirs - list: safe_etc_dirs
items: [/etc/cassandra, /etc/ssl/certs/java, /etc/logstash, /etc/nginx/conf.d, /etc/container_environment] items: [/etc/cassandra, /etc/ssl/certs/java, /etc/logstash, /etc/nginx/conf.d, /etc/container_environment]
- macro: fluentd_writing_fluentd_conf - macro: fluentd_writing_conf_files
condition: (proc.name=start-fluentd and fd.name=/etc/fluent/fluent.conf) condition: (proc.name=start-fluentd and fd.name in (/etc/fluent/fluent.conf, /etc/td-agent/td-agent.conf))
- macro: write_etc_common - macro: write_etc_common
condition: > condition: >
@ -418,7 +418,7 @@
and not fd.name in (/etc/container_environment.sh, /etc/container_environment.json) and not fd.name in (/etc/container_environment.sh, /etc/container_environment.json)
and not ansible_running_python and not ansible_running_python
and not python_running_denyhosts and not python_running_denyhosts
and not fluentd_writing_fluentd_conf and not fluentd_writing_conf_files
- rule: Write below etc - rule: Write below etc
desc: an attempt to write to any file below /etc, not in a pipe installer session desc: an attempt to write to any file below /etc, not in a pipe installer session