Remove installer-related traces
We removed the installer-related rules, so remove the installer-related traces as well.
@@ -59,44 +59,6 @@ traces: !mux
|
|||||||
- "Modify binary dirs": 2
|
- "Modify binary dirs": 2
|
||||||
- "Change thread namespace": 2
|
- "Change thread namespace": 2
|
||||||
|
|
||||||
installer-fbash-manages-service:
|
|
||||||
trace_file: traces-info/installer-fbash-manages-service.scap
|
|
||||||
detect: True
|
|
||||||
detect_level: INFO
|
|
||||||
detect_counts:
|
|
||||||
- "Installer bash manages service": 4
|
|
||||||
|
|
||||||
installer-bash-non-https-connection:
|
|
||||||
trace_file: traces-positive/installer-bash-non-https-connection.scap
|
|
||||||
detect: True
|
|
||||||
detect_level: NOTICE
|
|
||||||
detect_counts:
|
|
||||||
- "Installer bash non https connection": 1
|
|
||||||
|
|
||||||
installer-fbash-runs-pkgmgmt:
|
|
||||||
trace_file: traces-info/installer-fbash-runs-pkgmgmt.scap
|
|
||||||
detect: True
|
|
||||||
detect_level: [NOTICE, INFO]
|
|
||||||
detect_counts:
|
|
||||||
- "Installer bash runs pkgmgmt program": 4
|
|
||||||
- "Installer bash non https connection": 4
|
|
||||||
|
|
||||||
installer-bash-starts-network-server:
|
|
||||||
trace_file: traces-positive/installer-bash-starts-network-server.scap
|
|
||||||
detect: True
|
|
||||||
detect_level: NOTICE
|
|
||||||
detect_counts:
|
|
||||||
- "Installer bash starts network server": 2
|
|
||||||
- "Installer bash non https connection": 3
|
|
||||||
|
|
||||||
installer-bash-starts-session:
|
|
||||||
trace_file: traces-positive/installer-bash-starts-session.scap
|
|
||||||
detect: True
|
|
||||||
detect_level: NOTICE
|
|
||||||
detect_counts:
|
|
||||||
- "Installer bash starts session": 1
|
|
||||||
- "Installer bash non https connection": 3
|
|
||||||
|
|
||||||
mkdir-binary-dirs:
|
mkdir-binary-dirs:
|
||||||
trace_file: traces-positive/mkdir-binary-dirs.scap
|
trace_file: traces-positive/mkdir-binary-dirs.scap
|
||||||
detect: True
|
detect: True
|
||||||
@@ -111,13 +73,6 @@ traces: !mux
|
|||||||
detect_counts:
|
detect_counts:
|
||||||
- "Modify binary dirs": 1
|
- "Modify binary dirs": 1
|
||||||
|
|
||||||
modify-package-repo-list-installer:
|
|
||||||
trace_file: traces-info/modify-package-repo-list-installer.scap
|
|
||||||
detect: True
|
|
||||||
detect_level: INFO
|
|
||||||
detect_counts:
|
|
||||||
- "Write below etc in installer": 1
|
|
||||||
|
|
||||||
non-sudo-setuid:
|
non-sudo-setuid:
|
||||||
trace_file: traces-positive/non-sudo-setuid.scap
|
trace_file: traces-positive/non-sudo-setuid.scap
|
||||||
detect: True
|
detect: True
|
||||||
@@ -181,13 +136,6 @@ traces: !mux
|
|||||||
detect_counts:
|
detect_counts:
|
||||||
- "Write below etc": 1
|
- "Write below etc": 1
|
||||||
|
|
||||||
write-etc-installer:
|
|
||||||
trace_file: traces-info/write-etc-installer.scap
|
|
||||||
detect: True
|
|
||||||
detect_level: INFO
|
|
||||||
detect_counts:
|
|
||||||
- "Write below etc in installer": 1
|
|
||||||
|
|
||||||
write-rpm-database:
|
write-rpm-database:
|
||||||
trace_file: traces-positive/write-rpm-database.scap
|
trace_file: traces-positive/write-rpm-database.scap
|
||||||
detect: True
|
detect: True
|
||||||
|