From c3c6ec67f7d44b7c74b701aa31e47e78c699f103 Mon Sep 17 00:00:00 2001
From: Jonathan Coetzee <jon@thancoetzee.com>
Date: Fri, 16 Dec 2016 11:27:43 +0200
Subject: [PATCH] Add systemd as a login binary

SSH'ing into an Ubuntu 16.04 box triggers a bunch of "Sensitive file opened for reading by non-trusted program" errors caused by systemd

falco-CLA-1.0-signed-off-by: Jonathan Coetzee jon@thancoetzee.com
---
 rules/falco_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 5a050024..5ec1fd4f 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -76,7 +76,7 @@
 
 # dpkg -L login | grep bin | xargs ls -ld | grep -v '^d' | awk '{print $9}' | xargs -L 1 basename | tr "\\n" ","
 - list: login_binaries
-  items: [login, systemd-logind, su, nologin, faillog, lastlog, newgrp, sg]
+  items: [login, systemd, systemd-logind, su, nologin, faillog, lastlog, newgrp, sg]
 
 # dpkg -L passwd | grep bin | xargs ls -ld | grep -v '^d' | awk '{print $9}' | xargs -L 1 basename | tr "\\n" ","
 - list: passwd_binaries