github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-01 09:02:18 +00:00
Code Issues Projects Releases Wiki Activity

Let python/mesos health checks spawn shells

Browse Source
This commit is contained in:
Mark Stemm 2017-11-10 12:06:44 -08:00
parent 060bf78ed8
commit e51fbd6569
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@ -553,6 +553,9 @@
- macro: parent_java_running_endeca
condition: (proc.pname=java and proc.pcmdline contains "-classpath /opt/endeca/")
- macro: python_mesos_healthcheck
condition: (proc.pcmdline startswith "python /mesoshealthcheck.py")
- macro: parent_running_datastax
condition: ((proc.pname=java and proc.pcmdline contains "-jar datastax-agent") or
(proc.pcmdline startswith "nodetool /opt/dse/bin/"))
@ -1181,6 +1184,7 @@
and not parent_python_running_zookeeper
and not parent_docker_start_script
and not parent_java_running_endeca
and not python_mesos_healthcheck
output: >
Shell spawned in a container other than entrypoint (user=%user.name %container.info image=%container.image
shell=%proc.name pcmdline=%proc.pcmdline cmdline=%proc.cmdline parent=%proc.pname gparent=%proc.aname[2] ggparent=%proc.aname[3])