github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-01 00:52:16 +00:00
Code Issues Projects Releases Wiki Activity

Add systemd as a login binary

Browse Source 
SSH'ing into an Ubuntu 16.04 box triggers a bunch of "Sensitive file opened for reading by non-trusted program" errors caused by systemd

falco-CLA-1.0-signed-off-by: Jonathan Coetzee jon@thancoetzee.com
This commit is contained in:
Jonathan Coetzee 2016-12-16 11:27:43 +02:00 committed by Mark Stemm
parent 9062459669
commit c3c6ec67f7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@ -76,7 +76,7 @@
# dpkg -L login | grep bin | xargs ls -ld | grep -v '^d' | awk '{print $9}' | xargs -L 1 basename | tr "\\n" "," # dpkg -L login | grep bin | xargs ls -ld | grep -v '^d' | awk '{print $9}' | xargs -L 1 basename | tr "\\n" ","
- list: login_binaries - list: login_binaries
items: [login, systemd-logind, su, nologin, faillog, lastlog, newgrp, sg] items: [login, systemd, systemd-logind, su, nologin, faillog, lastlog, newgrp, sg]
# dpkg -L passwd | grep bin | xargs ls -ld | grep -v '^d' | awk '{print $9}' | xargs -L 1 basename | tr "\\n" "," # dpkg -L passwd | grep bin | xargs ls -ld | grep -v '^d' | awk '{print $9}' | xargs -L 1 basename | tr "\\n" ","
- list: passwd_binaries - list: passwd_binaries