github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-13 14:34:33 +00:00
Code Issues Projects Releases Wiki Activity

Let fluentd write multiple files

Browse Source 
Rename fluentd_writing_fluentd_conf to fluentd_writing_conf_files and
add additional files that it can modify below /etc.
This commit is contained in:
Mark Stemm 2017-08-24 10:25:34 -07:00
parent 42167e53cc
commit 46f993fa40
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rules/falco_rules.yaml
View File

@ -397,8 +397,8 @@
- list: safe_etc_dirs
items: [/etc/cassandra, /etc/ssl/certs/java, /etc/logstash, /etc/nginx/conf.d, /etc/container_environment]
- macro: fluentd_writing_fluentd_conf
condition: (proc.name=start-fluentd and fd.name=/etc/fluent/fluent.conf)
- macro: fluentd_writing_conf_files
condition: (proc.name=start-fluentd and fd.name in (/etc/fluent/fluent.conf, /etc/td-agent/td-agent.conf))
- macro: write_etc_common
condition: >
@ -418,7 +418,7 @@
and not fd.name in (/etc/container_environment.sh, /etc/container_environment.json)
and not ansible_running_python
and not python_running_denyhosts
and not fluentd_writing_fluentd_conf
and not fluentd_writing_conf_files
- rule: Write below etc
desc: an attempt to write to any file below /etc, not in a pipe installer session