github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-01 22:47:46 +00:00
Code Issues Projects Releases Wiki Activity

Let datastax progs spawn shells

Browse Source 
Various script-based launch points.
This commit is contained in:
Mark Stemm 2017-11-07 11:02:32 -08:00
parent 0867245b73
commit dfbe450eeb
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rules/falco_rules.yaml
View File

@ -547,6 +547,10 @@
- macro: parent_java_running_install4j
condition: (proc.pname=java and proc.pcmdline contains "-classpath i4jruntime.jar")
- macro: parent_running_datastax
condition: ((proc.pname=java and proc.pcmdline contains "-jar datastax-agent") or
(proc.pcmdline startswith "nodetool /opt/dse/bin/"))
- macro: parent_dovecot_running_auth
condition: (proc.pname=auth and proc.aname[2]=dovecot)
@ -886,6 +890,7 @@
and not run_by_openshift
and not parent_java_running_tomcat
and not parent_java_running_install4j
and not parent_running_datastax
and not parent_java_running_appdynamics
and not parent_cpanm_running_perl
and not parent_ruby_running_discourse
@ -1137,6 +1142,7 @@
and not parent_java_running_confluence
and not parent_java_running_tomcat
and not parent_java_running_install4j
and not parent_running_datastax
and not ics_running_java
and not parent_ruby_running_discourse
and not assemble_running_php