github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-05 08:40:52 +00:00
Code Issues Projects Releases Wiki Activity

fix(macro truncate_shell_history): avoid false positives from .zsh_history.new and .LOCK files

Browse Source 
Signed-off-by: m4wh6k m4wh6k@users.noreply.github.com
This commit is contained in:
m4wh6k
2021-12-31 18:09:57 -08:00
committed by poiana
parent 6ead925f51
commit 9e8687401d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@@ -2584,7 +2584,7 @@
condition: > condition: >
(open_write and ( (open_write and (
fd.name contains "bash_history" or fd.name contains "bash_history" or
fd.name contains "zsh_history" or fd.name endswith "zsh_history" or
fd.name contains "fish_read_history" or fd.name contains "fish_read_history" or
fd.name endswith "fish_history") and evt.arg.flags contains "O_TRUNC") fd.name endswith "fish_history") and evt.arg.flags contains "O_TRUNC")