github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-02 06:52:10 +00:00
Code Issues Projects Releases Wiki Activity

rule update: add exception for write below etc (etcd-manager updating dns)

Browse Source
This commit is contained in:
Kaizhe Huang 2019-05-17 17:45:00 -07:00 committed by Lorenzo Fontana
parent 45241e74c8
commit ddd7e5b93f
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@ -1100,6 +1100,9 @@
- macro: openshift_writing_conf
condition: (proc.name=oc and fd.name startswith /etc/origin/node)
- macro: etcd_manager_updating_dns
condition: (container and proc.name=etcd-manager and fd.name=/etc/hosts)
# Add conditions to this macro (probably in a separate file,
# overwriting this macro) to allow for specific combinations of
# programs writing below specific directories below
@ -1207,6 +1210,7 @@
and not openshift_writing_conf
and not rancher_writing_conf
and not jboss_in_container_writing_passwd
and not etcd_manager_updating_dns
- rule: Write below etc
desc: an attempt to write to any file below /etc