From cb5a3a14e6da8d73a79584c2c08f082ee392f791 Mon Sep 17 00:00:00 2001
From: Leonardo Di Donato <leodidonato@gmail.com>
Date: Wed, 10 Jul 2019 13:40:47 +0000
Subject: [PATCH] new: k8s.gcr.io/kube-proxy addition to falco trusted images

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
---
 rules/falco_rules.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 79ba406c..df8c12ae 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1740,7 +1740,7 @@
     docker.io/sysdig/agent, docker.io/sysdig/falco, docker.io/sysdig/sysdig,
     gcr.io/google_containers/kube-proxy, docker.io/calico/node,
     docker.io/rook/toolbox, docker.io/cloudnativelabs/kube-router, docker.io/mesosphere/mesos-slave,
-    docker.io/docker/ucp-agent, sematext_images
+    docker.io/docker/ucp-agent, sematext_images, k8s.gcr.io/kube-proxy
     ]
 
 - macro: falco_privileged_containers
@@ -2253,7 +2253,7 @@
   condition: >
     spawned_process and container and
     ((proc.name = "nc" and (proc.args contains "-e" or proc.args contains "-c")) or
-     (proc.name = "ncat" and (proc.args contains "--sh-exec" or proc.args contains "--exec" or proc.args contains "-e " 
+     (proc.name = "ncat" and (proc.args contains "--sh-exec" or proc.args contains "--exec" or proc.args contains "-e "
                               or proc.args contains "-c " or proc.args contains "--lua-exec"))
     )
   output: >