github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-06 03:16:46 +00:00
Code Issues Projects Releases Wiki Activity

Let chef read sensitive files

Browse Source 
Add the macro run_by_chef to the set of exclusions for reading sensitive
files.
This commit is contained in:
Mark Stemm 2017-09-20 18:22:11 -07:00
parent 340ee2ece7
commit c4c5d2f585
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/falco_rules.yaml
View File

@ -497,6 +497,7 @@
and not ansible_running_python and not ansible_running_python
and not proc.cmdline contains /usr/bin/mandb and not proc.cmdline contains /usr/bin/mandb
and not run_by_qualys and not run_by_qualys
and not run_by_chef
output: > output: >
Sensitive file opened for reading by non-trusted program (user=%user.name name=%proc.name Sensitive file opened for reading by non-trusted program (user=%user.name name=%proc.name
command=%proc.cmdline file=%fd.name parent=%proc.pname gparent=%proc.aname[2] ggparent=%proc.aname[3] gggparent=%proc.aname[4]) command=%proc.cmdline file=%fd.name parent=%proc.pname gparent=%proc.aname[2] ggparent=%proc.aname[3] gggparent=%proc.aname[4])