add host to target

Signed-off-by: Hi120ki <12624257+hi120ki@users.noreply.github.com>
2025-06-26 22:57:24 +00:00 · 2022-09-08 10:12:27 +09:00 · 2022-09-08 10:12:27 +09:00 · 4e622fc033
commit 4e622fc033
parent 16dca8f905
1 changed files with 2 additions and 8 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@ -3219,17 +3219,11 @@
 # there if you want to enable them by adding to
 # falco_rules.local.yaml.

- list: proc_environ_file_names
-  items: [/proc/self/environ, /proc/1/environ]
-
- macro: proc_environ_files
-  condition: >
-    fd.name in (proc_environ_file_names)
-
 - rule: Read environment variable from /proc files
  desc: An attempt to read process environment variables from /proc files
  condition: >
-    container and open_read and proc_environ_files
+    open_read and (fd.name glob /proc/*/environ)
+    and not proc.name in (systemctl, systemd-detect-, cloud-id)
  enabled: true
  output: >
    Environment variables were retrieved from /proc files (user=%user.name user_loginuid=%user.loginuid program=%proc.name