From d03826379b38a559704e06adb595897369bb34ec Mon Sep 17 00:00:00 2001
From: vin01 <vinc.i@protonmail.ch>
Date: Mon, 14 Nov 2022 21:53:09 +0100
Subject: [PATCH] rule(Read sensitive file untrusted): let salt-call read
 sensitive files

Signed-off-by: vin01 <vinc.i@protonmail.ch>
---
 rules/falco_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 4bd7310c..208e70fd 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1441,7 +1441,7 @@
     and not proc.name in (user_mgmt_binaries, userexec_binaries, package_mgmt_binaries,
      cron_binaries, read_sensitive_file_binaries, shell_binaries, hids_binaries,
      vpn_binaries, mail_config_binaries, nomachine_binaries, sshkit_script_binaries,
-     in.proftpd, mandb, salt-minion, postgres_mgmt_binaries,
+     in.proftpd, mandb, salt-call, salt-minion, postgres_mgmt_binaries,
      google_oslogin_
      )
     and not cmp_cp_by_passwd