github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-14 14:00:21 +00:00
Code Issues Projects Releases Wiki Activity

kh: improve mount on /var/lib/kubelet rule (#509)

Browse Source
This commit is contained in:
Kaizhe Huang
2019-01-30 14:13:19 -08:00
committed by Mark Stemm
parent 9e0e3da617
commit 50c6515da5
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
rules/falco_rules.yaml
View File

@@ -1428,7 +1428,8 @@
- macro: sensitive_mount
condition: (container.mount.dest[/proc*] != "N/A" or
container.mount.dest[/var/run/docker.sock] != "N/A" or
container.mount.dest[/var/lib/kubelet*] != "N/A" or
container.mount.dest[/var/lib/kubelet] != "N/A" or
container.mount.dest[/var/lib/kubelet/pki] != "N/A" or
container.mount.dest[/] != "N/A" or
container.mount.dest[/etc] != "N/A" or
container.mount.dest[/root*] != "N/A")