From a0e88417fca1050d8cfa662971c39f6a58bb30dc Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Wed, 20 Sep 2017 18:42:33 -0700
Subject: [PATCH] Add more container innocuous cmdlines Various uname -x variants and ruby version.
---
 rules/falco_rules.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 0cd22921..ffa218f8 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -710,6 +710,11 @@
 '"sh -c curl http://localhost:6060/debug/vars>/dev/null "',
 '"sh -c pgrep java && exit 0 || exit 1 "',
 '"sh -c uname -p 2> /dev/null"',
+ '"sh -c uname -s 2>&1"',
+ '"sh -c uname -r 2>&1"',
+ '"sh -c uname -v 2>&1"',
+ '"sh -c uname -a 2>&1"',
+ '"sh -c ruby -v 2>&1"',
 '"sh -c echo healthy "',
 '"sh -c echo alive "',
 '"sh -c getconf CLK_TCK"',
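Review bot: The five added entries (`sh -c uname -s 2>&1` through `sh -c ruby -v 2>&1`) exempt kernel and interpreter version queries by command line alone. The same commands are a routine first step of host fingerprinting after a container compromise, so a list-wide exemption removes that signal for every workload. The list header and the rule that consumes it are outside the hunk, so it cannot be seen here whether the match is also constrained by parent process or container image. If it is not, these entries would be safer scoped to the image or parent that actually issues them. At minimum, record the origin above the group with a comment such as `# source: <IMAGE_OR_AGENT_NAME>, runs at container start`, so a later reviewer can tell when an entry is stale and remove it.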