github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 15:47:25 +00:00
Code Issues Projects Releases Wiki Activity

add exception for coreos/pod-checkpointer

Browse Source
This commit is contained in:
Kaizhe Huang 2019-06-07 12:20:10 -07:00 committed by Mark Stemm
parent 3026f3946e
commit 780129fa1b
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rules/falco_rules.yaml
View File

@ -1054,6 +1054,11 @@
(container.image.repository contains "rancher/metadata" or container.image.repository contains "rancher/lb-service-haproxy") and (container.image.repository contains "rancher/metadata" or container.image.repository contains "rancher/lb-service-haproxy") and
fd.name startswith "/answers.json") fd.name startswith "/answers.json")
- macro: checkpoint_writing_state
condition: (proc.name=checkpoint and
container.image.repository contains "coreos/pod-checkpointer" and
fd.name startswith "/etc/kubernetes")
- macro: jboss_in_container_writing_passwd - macro: jboss_in_container_writing_passwd
condition: > condition: >
((proc.cmdline="run-java.sh /opt/jboss/container/java/run/run-java.sh" ((proc.cmdline="run-java.sh /opt/jboss/container/java/run/run-java.sh"
@ -1237,6 +1242,7 @@
and not openshift_writing_conf and not openshift_writing_conf
and not keepalived_writing_conf and not keepalived_writing_conf
and not rancher_writing_conf and not rancher_writing_conf
and not checkpoint_writing_state
and not jboss_in_container_writing_passwd and not jboss_in_container_writing_passwd
and not etcd_manager_updating_dns and not etcd_manager_updating_dns