github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-19 00:57:48 +00:00
Code Issues Projects Releases Wiki Activity

new: k8s.gcr.io/kube-proxy addition to falco trusted images

Browse Source 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato 2019-07-10 13:40:47 +00:00 committed by Leo Di Donato
parent 4c68da0dcc
commit cb5a3a14e6
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@ -1740,7 +1740,7 @@
docker.io/sysdig/agent, docker.io/sysdig/falco, docker.io/sysdig/sysdig, docker.io/sysdig/agent, docker.io/sysdig/falco, docker.io/sysdig/sysdig,
gcr.io/google_containers/kube-proxy, docker.io/calico/node, gcr.io/google_containers/kube-proxy, docker.io/calico/node,
docker.io/rook/toolbox, docker.io/cloudnativelabs/kube-router, docker.io/mesosphere/mesos-slave, docker.io/rook/toolbox, docker.io/cloudnativelabs/kube-router, docker.io/mesosphere/mesos-slave,
docker.io/docker/ucp-agent, sematext_images docker.io/docker/ucp-agent, sematext_images, k8s.gcr.io/kube-proxy
] ]
- macro: falco_privileged_containers - macro: falco_privileged_containers
@ -2253,7 +2253,7 @@
condition: > condition: >
spawned_process and container and spawned_process and container and
((proc.name = "nc" and (proc.args contains "-e" or proc.args contains "-c")) or ((proc.name = "nc" and (proc.args contains "-e" or proc.args contains "-c")) or
(proc.name = "ncat" and (proc.args contains "--sh-exec" or proc.args contains "--exec" or proc.args contains "-e " (proc.name = "ncat" and (proc.args contains "--sh-exec" or proc.args contains "--exec" or proc.args contains "-e "
or proc.args contains "-c " or proc.args contains "--lua-exec")) or proc.args contains "-c " or proc.args contains "--lua-exec"))
) )
output: > output: >