github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-30 12:30:56 +00:00
Code Issues Projects Releases Wiki Activity

Fix parent_python_running_sdchecks

Browse Source 
It was checking the current process instead of the parent, which doesn't
work when you've just done an exec.
This commit is contained in:
Mark Stemm 2017-07-26 14:01:03 -07:00
parent 6397c3a556
commit b208008be1
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@ -301,8 +301,8 @@
- macro: parent_python_running_sdchecks
condition: >
(proc.name in (python, python2.7) and
(proc.cmdline contains /opt/draios/bin/sdchecks))
(proc.pname in (python, python2.7) and
(proc.pcmdline contains /opt/draios/bin/sdchecks))
- macro: parent_bro_running_python
condition: (proc.pname=python and proc.cmdline contains /usr/share/broctl)