github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 08:32:12 +00:00
Code Issues Projects Releases Wiki Activity

Add addl mail config binaries

Browse Source 
Add additional mail config-related binaries. Also they aren't solely
sendmail-related, so make the list mail_config_binaries.
This commit is contained in:
Mark Stemm 2017-11-03 15:44:26 -07:00
parent 6078d4bd43
commit 664d8fbc1d
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
rules/falco_rules.yaml
View File

@ -255,10 +255,11 @@
mailmng-core, pop3-login, dovecot-lda mailmng-core, pop3-login, dovecot-lda
] ]
- list: sendmail_config_binaries - list: mail_config_binaries
items: [ items: [
update_conf, parse_mc, makemap_hash, newaliases, update_mk, update_tlsm4, update_conf, parse_mc, makemap_hash, newaliases, update_mk, update_tlsm4,
update_db, update_mc, ssmtp.postinst, mailq update_db, update_mc, ssmtp.postinst, mailq, postalias, postfix.config.,
postfix.config, postfix-script
] ]
- list: make_binaries - list: make_binaries
@ -603,7 +604,7 @@
and not proc.name in (passwd_binaries, shadowutils_binaries, sysdigcloud_binaries, and not proc.name in (passwd_binaries, shadowutils_binaries, sysdigcloud_binaries,
package_mgmt_binaries, ssl_mgmt_binaries, dhcp_binaries, package_mgmt_binaries, ssl_mgmt_binaries, dhcp_binaries,
dev_creation_binaries, shell_mgmt_binaries, dev_creation_binaries, shell_mgmt_binaries,
sendmail_config_binaries, mail_config_binaries,
sshkit_script_binaries, sshkit_script_binaries,
ldconfig.real, ldconfig, confd, gpg, insserv, ldconfig.real, ldconfig, confd, gpg, insserv,
apparmor_parser, update-mime, tzdata.config, tzdata.postinst, apparmor_parser, update-mime, tzdata.config, tzdata.postinst,
@ -613,7 +614,7 @@
qualys-cloud-ag, locales.postins, nomachine_binaries, qualys-cloud-ag, locales.postins, nomachine_binaries,
adclient, certutil, crlutil, pam-auth-update, parallels_insta, adclient, certutil, crlutil, pam-auth-update, parallels_insta,
openshift-launc) openshift-launc)
and not proc.pname in (sysdigcloud_binaries, sendmail_config_binaries, hddtemp.postins, sshkit_script_binaries, locales.postins) and not proc.pname in (sysdigcloud_binaries, mail_config_binaries, hddtemp.postins, sshkit_script_binaries, locales.postins)
and not fd.name pmatch (safe_etc_dirs) and not fd.name pmatch (safe_etc_dirs)
and not fd.name in (/etc/container_environment.sh, /etc/container_environment.json, /etc/motd, /etc/motd.svc) and not fd.name in (/etc/container_environment.sh, /etc/container_environment.json, /etc/motd, /etc/motd.svc)
and not ansible_running_python and not ansible_running_python
@ -710,7 +711,7 @@
sensitive_files and open_read sensitive_files and open_read
and not proc.name in (user_mgmt_binaries, userexec_binaries, package_mgmt_binaries, and not proc.name in (user_mgmt_binaries, userexec_binaries, package_mgmt_binaries,
cron_binaries, read_sensitive_file_binaries, shell_binaries, hids_binaries, cron_binaries, read_sensitive_file_binaries, shell_binaries, hids_binaries,
vpn_binaries, sendmail_config_binaries, nomachine_binaries, sshkit_script_binaries, vpn_binaries, mail_config_binaries, nomachine_binaries, sshkit_script_binaries,
in.proftpd, mandb) in.proftpd, mandb)
and not cmp_cp_by_passwd and not cmp_cp_by_passwd
and not ansible_running_python and not ansible_running_python