Add scripts possibly run by sshkit
Some general management scripts, possibly run by sshkit (need to check).
parent
a22099c8c3
commit
96992d7ac3
@ -295,6 +295,10 @@
|
||||
- list: needrestart_binaries
|
||||
items: [needrestart, 10-dpkg, 20-rpm, 30-pacman]
|
||||
|
||||
# Possible scripts run by sshkit
|
||||
- list: sshkit_script_binaries
|
||||
items: [10_etc_sudoers., 10_passwd_group]
|
||||
|
||||
# System users that should never log into a system. Consider adding your own
|
||||
# service users (e.g. 'apache' or 'mysqld') here.
|
||||
- macro: system_users
|
||||
@ -438,6 +442,7 @@
|
||||
package_mgmt_binaries, ssl_mgmt_binaries, dhcp_binaries,
|
||||
dev_creation_binaries, shell_mgmt_binaries,
|
||||
sendmail_config_binaries,
|
||||
sshkit_script_binaries,
|
||||
ldconfig.real, ldconfig, confd, gpg, insserv,
|
||||
apparmor_parser, update-mime, tzdata.config, tzdata.postinst,
|
||||
systemd, systemd-machine, systemd-sysuser,
|
||||
@ -511,7 +516,7 @@
|
||||
sensitive_files and open_read
|
||||
and not proc.name in (user_mgmt_binaries, userexec_binaries, package_mgmt_binaries,
|
||||
cron_binaries, read_sensitive_file_binaries, shell_binaries, hids_binaries,
|
||||
vpn_binaries, sendmail_config_binaries, nomachine_binaries)
|
||||
vpn_binaries, sendmail_config_binaries, nomachine_binaries, sshkit_script_binaries)
|
||||
and not cmp_cp_by_passwd
|
||||
and not ansible_running_python
|
||||
and not proc.cmdline contains /usr/bin/mandb
|
||||
|
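Review bot: The exemption added in the last hunk (`sshkit_script_binaries` in the `proc.name in (...)` list under `sensitive_files and open_read`) matches on process name alone, so any process named `10_passwd_group` or `10_etc_sudoers.` is no longer reported when it reads a sensitive file; the second hunk adds the same list to another name-based exception list. The commit message itself says the sshkit origin still needs checking, so I would hold the exemption until that is confirmed, or pair it with a second condition such as the parent process (`proc.pname`) or the script path in `proc.cmdline`. The trailing dot in `10_etc_sudoers.` looks like a process name cut at 15 characters rather than a typo; if that is the case, the list's comment should say so, e.g. `# Names as seen in proc.name (truncated to 15 chars); sshkit origin unconfirmed`. The rule and macro bodies touched here start and end outside the hunks shown.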