From 6be38a323711688bd84ca0b8464e2b86ac7493cb Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Thu, 24 Aug 2017 08:57:00 -0700
Subject: [PATCH] Add more nomachine binaries. Also let nomachine binaries write below /etc.
---
rules/falco_rules.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 5f050bd3..80fd7c42 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -206,7 +206,7 @@
items: [openvpn]
- list: nomachine_binaries
- items: [nxexec, nxnode.bin]
+ items: [nxexec, nxnode.bin, nxserver.bin, nxclient.bin]
- list: nids_binaries
items: [bro, broctl]
@@ -399,7 +399,7 @@
systemd, systemd-machine, systemd-sysuser, debconf-show, rollerd, bind9.postinst, sv, gen_resolvconf., update-ca-certi, certbot, runsv,
- qualys-cloud-ag, locales.postins)
+ qualys-cloud-ag, locales.postins, nomachine_binaries)
and not proc.pname in (sysdigcloud_binaries, sendmail_config_binaries) and not fd.name pmatch (safe_etc_dirs) and not fd.name in (/etc/container_environment.sh, /etc/container_environment.json)
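Review bot: The `items:` line of `nomachine_binaries` gains `nxserver.bin` and `nxclient.bin`, but the list still has no comment saying how its entries are matched or why each one is needed. Judging by the second hunk, the entries are compared with a process name, so every rule that references the list trusts anything running under one of these four names. Which other rules use the list is not visible in this patch. I would add a comment above the list such as `# NoMachine remote-desktop processes, matched by process name only; exempted from the write-below-/etc rule`.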
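Review bot: Appending `nomachine_binaries` to the name exclusion that ends in `locales.postins, nomachine_binaries)` exempts all four NoMachine names from this rule for every path under /etc, not only NoMachine's own configuration. A process name is set by whoever launches the binary, so it is weak evidence of identity, and the rule goes silent for anything carrying one of those names. A narrower form keeps the list out of the general exclusion and adds a clause that also pins the location, for example `and not (proc.name in (nomachine_binaries) and fd.name startswith <nomachine-etc-dir>)`, with the placeholder replaced by the directory NoMachine actually writes to. The rule header and the start of the condition are outside the hunk, so the field in front of the list is presumed to be `proc.name`. The commit message also does not say whether `nxclient.bin` and `nxexec` need this write access at all.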