github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-21 19:44:57 +00:00
Code Issues Projects Releases Wiki Activity

Update engine fields checksum for fd.dev.* (#589)

Browse Source 
* Update engine fields checksum for fd.dev.*

New fields fd.dev.*, so updating the fields checksum.

* Print a message why the trace file can't be read.

At debug level only, but better than nothing.

* Adjust tests to match new container_started macro

Now that the container_started macro works either on the container event
or the first process being spawned in a container, we need to adjust the
counts for some rules to handle both cases.
This commit is contained in:
Mark Stemm
2019-04-30 12:46:25 -07:00
committed by GitHub
parent 0e1c436d14
commit 772d4f9515
3 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
test/falco_traces.yaml.in
View File

@@ -34,14 +34,14 @@ traces: !mux
detect: True
detect_level: INFO
detect_counts:
- "Launch Privileged Container": 2
- "Launch Privileged Container": 3
container-sensitive-mount:
trace_file: traces-positive/container-sensitive-mount.scap
detect: True
detect_level: INFO
detect_counts:
- "Launch Sensitive Mount Container": 2
- "Launch Sensitive Mount Container": 3
create-files-below-dev:
trace_file: traces-positive/create-files-below-dev.scap