github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-04 10:26:40 +00:00
Code Issues Projects Releases Wiki Activity

noise suppression: calico writing config files into /etc (#481)

Browse Source
This commit is contained in:
Loris Degioanni 2018-12-10 11:54:47 -08:00 committed by Mark Stemm
parent 67cde2980d
commit ea303ba32f
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
rules/falco_rules.yaml
View File

@ -841,6 +841,10 @@
- macro: ufw_writing_conf - macro: ufw_writing_conf
condition: proc.name=ufw and fd.directory=/etc/ufw condition: proc.name=ufw and fd.directory=/etc/ufw
- macro: calico_writing_conf
condition: >
(proc.name = calico-node and fd.name startswith /etc/calico)
# Add conditions to this macro (probably in a separate file, # Add conditions to this macro (probably in a separate file,
# overwriting this macro) to allow for specific combinations of # overwriting this macro) to allow for specific combinations of
# programs writing below specific directories below # programs writing below specific directories below
@ -943,6 +947,7 @@
and not iscsi_writing_conf and not iscsi_writing_conf
and not istio_writing_conf and not istio_writing_conf
and not ufw_writing_conf and not ufw_writing_conf
and not calico_writing_conf
- rule: Write below etc - rule: Write below etc
desc: an attempt to write to any file below /etc desc: an attempt to write to any file below /etc