github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-31 06:01:52 +00:00
Code Issues Projects Releases Wiki Activity

Let consul spawn shells

Browse Source
This commit is contained in:
Mark Stemm 2017-11-10 12:12:22 -08:00
parent 69ede8a785
commit 7441052b9a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@ -886,7 +886,7 @@
nginx_control, mailmng-service, web_statistic_e, statistics_coll, install-info,
hawkular-metric, rhsmcertd-worke, parted, amuled, fluentd, x2gormforward,
parallels_insta, salt-minion, dnsmng, update-inetd, pum_worker, awstats_buildst,
tsvuln, 50plesk-daily, grubby, chkconfig, dracut-install, rhnsd, find
tsvuln, 50plesk-daily, grubby, chkconfig, dracut-install, rhnsd, find, consul
]
- rule: Run shell untrusted
@ -1159,7 +1159,7 @@
runsv, supervisord, varnishd, crond, logrotate, timeout, tini,
xrdb, xfce4-session, weave, logdna-agent, bundle, configure, luajit, nginx,
beam.smp, paster, postfix-local, hawkular-metric, fluentd, x2gormforward,
'"[celeryd:"', flock, nsrun)
"[celeryd:", flock, nsrun, consul)
and not trusted_containers
and not shell_spawning_containers
and not parent_java_running_echo