github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 08:32:12 +00:00
Code Issues Projects Releases Wiki Activity

Let Xvfb setuid.

Browse Source 
X11 program.
This commit is contained in:
Mark Stemm 2017-07-05 14:12:54 -07:00
parent d96cf4c369
commit c8c0a97f64
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@ -638,7 +638,7 @@
evt.type=setuid and evt.dir=> and
not user.name=root and not somebody_becoming_themself
and not proc.name in (userexec_binaries, mail_binaries, docker_binaries,
sshd, dbus-daemon-lau, ping, ping6, critical-stack-)
sshd, dbus-daemon-lau, ping, ping6, critical-stack-, Xvfb)
and not java_running_sdjagent
output: >
Unexpected setuid call by non-sudo, non-root program (user=%user.name parent=%proc.pname