Mark Stemm
a2a4cbf586
Let endeca spawn shells in containers also
2017-11-09 14:17:38 -08:00
Mark Stemm
b4bd11bf70
Let nsrun spawn shells in containers.
2017-11-09 14:16:52 -08:00
Mark Stemm
d5869599f7
Add additional innocuous command lines.
2017-11-09 14:16:24 -08:00
Mark Stemm
b0bc00224c
Also let terminal shells run innocuous cmdlines
...
The terminal shell in container rule has always been less permissive
than the other shell rules, mostly because we expect terminal-attached
shells to be less common. However, they might run innocuous commands,
especially from scripting languages like python. So allow the innocuous
commands to run.
2017-11-09 14:13:04 -08:00
Mark Stemm
2f4b39ae6f
Let find spawn shells
2017-11-09 14:12:41 -08:00
Mark Stemm
326fb2998a
Let curl write below the pki db
...
Seems to do these writes on redhat?
2017-11-09 14:11:36 -08:00
Mark Stemm
e3ef7a2ed4
Be more flexible about perl Makefile.PL
...
Allow the command line to start with that command.
2017-11-09 14:10:35 -08:00
Mark Stemm
43f7ee00fb
Add an additional ics script ics_status.sh
2017-11-09 14:10:14 -08:00
Mark Stemm
8bcd0e8f05
Add additional cron binaries.
2017-11-09 14:09:36 -08:00
Mark Stemm
85f51cf38c
Let salt-minion read sensitive files.
2017-11-08 13:42:24 -08:00
Mark Stemm
2467766f07
Add addl shell spawn conditions
...
flock can spawn shells, new allowed shell cmdline.
2017-11-08 13:41:43 -08:00
Mark Stemm
2cbff6ff70
Add addl safe root directories
2017-11-08 13:40:56 -08:00
Mark Stemm
e02135f9f0
Let datadog write its config files
2017-11-08 13:40:36 -08:00
Mark Stemm
c1de3dfe7a
Let ovsdb-server write below /etc/openvswitch
2017-11-08 13:39:20 -08:00
Mark Stemm
27df0ad29b
Add nagios as a monitoring binary
...
Runs lots of shells
2017-11-08 13:38:07 -08:00
Mark Stemm
e7c2068267
Add addl ruby binary when run by bundle
2017-11-08 13:13:00 -08:00
Mark Stemm
ffed7ef63c
Add additional rpm binaries.
2017-11-08 09:28:45 -08:00
Mark Stemm
fe283dcd76
Add exceptions for /root, / writes
...
Java running as root as well as oracle.
2017-11-08 09:21:17 -08:00
Mark Stemm
4a0ec07235
Let celeryd spawn shells
...
Parent process name is strange with leading [ and trailing :, so quote
it.
2017-11-08 08:12:35 -08:00
Mark Stemm
fdebfb5b6c
Add N_scheduler binaries for mesos
...
I believe these are related to the equivalent of docker exec for mesos
containers, and aren't specifically related to rabbitmq.
2017-11-08 08:05:42 -08:00
Mark Stemm
0b775fa722
Let java running endeca spawn shells
2017-11-07 11:19:24 -08:00
Mark Stemm
33faa911d7
Add addl npm cmdlines.
2017-11-07 11:18:33 -08:00
Mark Stemm
24fb84df60
Let docker start script spawn shells
2017-11-07 11:14:50 -08:00
Mark Stemm
7550683862
Add additional shell spawn programs.
2017-11-07 11:06:13 -08:00
Mark Stemm
5755e79fe9
Let polkit-agent-he(lper) read sensitive files.
2017-11-07 11:06:13 -08:00
Mark Stemm
dfbe450eeb
Let datastax progs spawn shells
...
Various script-based launch points.
2017-11-07 11:06:13 -08:00
Mark Stemm
0867245b73
Let yum indirectly run user mgmt binaries
...
They run shells that run the user binaries, at various levels in the
process hierarchy.
2017-11-07 11:06:13 -08:00
Mark Stemm
82377348ce
Add another way to run npm
...
This one seen on redhat installs
2017-11-07 11:00:43 -08:00
Mark Stemm
fdb2312bcf
Let perl Makefile.PL spawn shells
2017-11-07 11:00:19 -08:00
Mark Stemm
fbb5451fd9
Let python running zookeeper spawn shells
2017-11-07 10:59:40 -08:00
Mark Stemm
83c309a6c0
Let subscription-ma(nager) write to rpm db.
2017-11-07 10:57:10 -08:00
Mark Stemm
6bcf397a17
Let plesk weekly cron job spawn shells
2017-11-07 10:19:42 -08:00
Mark Stemm
9ceb11a7c8
Let update-xmlcatal(og) write below /etc/xml
2017-11-07 10:19:19 -08:00
Mark Stemm
e4443bea8e
Add additional make-like binaries.
2017-11-07 10:18:56 -08:00
Mark Stemm
15e2d0bf7e
Add addl bitnami conditions.
2017-11-07 09:54:09 -08:00
Mark Stemm
480ba4e0f8
Let duply write below /etc/duply
...
It's a shell script that runs touch so the detection is slightly more
complicated.
2017-11-07 09:43:07 -08:00
Mark Stemm
6aae17600f
Add addl ruby proc for builds.
...
Adding ruby2.1
2017-11-07 09:42:15 -08:00
Mark Stemm
e9e0177901
Add additional phusion cmdlines.
2017-11-06 15:28:16 -08:00
Mark Stemm
01459fb49a
Let threatstack spawn shells
...
Either as tsvuln or via node cmdline.
2017-11-06 15:28:16 -08:00
Mark Stemm
d36df62d1e
Add an additional yarn cmdline.
2017-11-06 15:26:03 -08:00
Mark Stemm
36d775100e
Be more tolerant of es curator procs
...
The command line occasionally ends with a space.
2017-11-03 17:26:37 -07:00
Mark Stemm
0020b05624
Add additional details for some rules
...
Helps diagnose FPs.
2017-11-03 16:01:38 -07:00
Mark Stemm
3edfc6ba8e
Let plesk run mktemp below /etc
2017-11-03 16:01:12 -07:00
Mark Stemm
9ed1ff5f26
Add additional shell spawning cmdlines/progs
2017-11-03 16:00:03 -07:00
Mark Stemm
664d8fbc1d
Add addl mail config binaries
...
Add additional mail config-related binaries. Also they aren't solely
sendmail-related, so make the list mail_config_binaries.
2017-11-03 15:44:26 -07:00
Mark Stemm
6078d4bd43
Add docker-current as a docker binary.
2017-10-31 20:56:11 -07:00
Mark Stemm
53776b0ec6
Add additional /etc writers
2017-10-31 20:51:18 -07:00
Mark Stemm
2eda3432e9
Let dmeventd write additional dirs
2017-10-31 20:50:58 -07:00
Mark Stemm
56e07f53f2
Let appdynamics spawn shells.
...
It's java, so look in classpath.
2017-10-30 22:57:08 -07:00
Mark Stemm
87fd4aba70
Let mesos-journald-(logger) spawn shells
2017-10-26 14:17:39 -07:00