github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 15:47:25 +00:00
Code Issues Projects Releases Wiki Activity

rule(Read sensitive file untrusted): let salt-call read sensitive files

Browse Source 
Signed-off-by: vin01 <vinc.i@protonmail.ch>
This commit is contained in:
vin01 2022-11-14 21:53:09 +01:00 committed by poiana
parent 3697d1fae2
commit d03826379b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@ -1441,7 +1441,7 @@
and not proc.name in (user_mgmt_binaries, userexec_binaries, package_mgmt_binaries,
cron_binaries, read_sensitive_file_binaries, shell_binaries, hids_binaries,
vpn_binaries, mail_config_binaries, nomachine_binaries, sshkit_script_binaries,
in.proftpd, mandb, salt-minion, postgres_mgmt_binaries,
in.proftpd, mandb, salt-call, salt-minion, postgres_mgmt_binaries,
google_oslogin_
)
and not cmp_cp_by_passwd