github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-01 17:12:21 +00:00
Code Issues Projects Releases Wiki Activity

Add more shell spawners.

Browse Source 
awslogs, authconfig
This commit is contained in:
Mark Stemm 2017-08-22 14:15:44 -07:00
parent 3202704950
commit e88c9ec8e3
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@ -531,14 +531,14 @@
- list: known_shell_spawn_binaries - list: known_shell_spawn_binaries
items: [ items: [
sshd, sudo, su, tmux, screen, emacs, systemd, login, flock, fbash, sshd, sudo, su, tmux, screen, emacs, systemd, login, flock, fbash,
nginx, monit, supervisord, dragent, aws, initdb, docker-compose, nginx, monit, supervisord, dragent, aws, awslogs, initdb, docker-compose,
configure, awk, falco, fail2ban-server, fleetctl, configure, awk, falco, fail2ban-server, fleetctl,
logrotate, ansible, less, adduser, pycompile, py3compile, logrotate, ansible, less, adduser, pycompile, py3compile,
pyclean, py3clean, pip, pip2, ansible-playboo, man-db, pyclean, py3clean, pip, pip2, ansible-playboo, man-db,
init, pluto, mkinitramfs, unattended-upgr, watch, sysdig, init, pluto, mkinitramfs, unattended-upgr, watch, sysdig,
landscape-sysin, nessusd, PM2, syslog-summary, erl_child_setup, landscape-sysin, nessusd, PM2, syslog-summary, erl_child_setup,
npm, cloud-init, toybox, ceph, hhvm, certbot, mysql_install_d, npm, cloud-init, toybox, ceph, hhvm, certbot, mysql_install_d,
serf, a2enmod, runsv, supervisord, varnishd serf, a2enmod, runsv, supervisord, varnishd, authconfig
] ]
- rule: Run shell untrusted - rule: Run shell untrusted