From 6aae17600f4e3270d4757d977c2d15093b850fcc Mon Sep 17 00:00:00 2001 From: Mark Stemm Date: Tue, 7 Nov 2017 09:42:15 -0800 Subject: [PATCH] Add addl ruby proc for builds. Adding ruby2.1 --- rules/falco_rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml index 6cf69ca4..926c86c4 100644 --- a/rules/falco_rules.yaml +++ b/rules/falco_rules.yaml @@ -421,7 +421,7 @@ # close enough to add here rather than create a separate macro. - macro: parent_scripting_running_builds condition: > - (proc.pname in (php,php5-fpm,php-fpm7.1,python,ruby,ruby2.3,node) and ( + (proc.pname in (php,php5-fpm,php-fpm7.1,python,ruby,ruby2.3,ruby2.1,node) and ( proc.cmdline startswith "sh -c git" or proc.cmdline startswith "sh -c date" or proc.cmdline startswith "sh -c /usr/bin/g++" or