github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-16 23:08:16 +00:00
Code Issues Projects Releases Wiki Activity

Let java write specific config files below /etc

Browse Source
This commit is contained in:
Mark Stemm
2017-11-10 12:11:26 -08:00
parent f379e97124
commit 8dd34205a8
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@@ -642,6 +642,9 @@
condition: ((proc.name=update-haproxy- or proc.pname=update-haproxy-) condition: ((proc.name=update-haproxy- or proc.pname=update-haproxy-)
and fd.name in (/etc/openvpn/client.map, /etc/haproxy/client.map-)) and fd.name in (/etc/openvpn/client.map, /etc/haproxy/client.map-))
- macro: java_writing_conf
condition: (proc.name=java and fd.name=/etc/.java/.systemPrefs/.system.lock)
# Add conditions to this macro (probably in a separate file, # Add conditions to this macro (probably in a separate file,
# overwriting this macro) to allow for specific combinations of # overwriting this macro) to allow for specific combinations of
# programs writing below specific directories below # programs writing below specific directories below
@@ -698,6 +701,7 @@
and not datadog_writing_conf and not datadog_writing_conf
and not curl_writing_pki_db and not curl_writing_pki_db
and not haproxy_writing_conf and not haproxy_writing_conf
and not java_writing_conf
- rule: Write below etc - rule: Write below etc
desc: an attempt to write to any file below /etc, not in a pipe installer session desc: an attempt to write to any file below /etc, not in a pipe installer session