Commit Graph

864 Commits

Author SHA1 Message Date
Mark Stemm
8bcd0e8f05 Add additional cron binaries. 2017-11-09 14:09:36 -08:00
Mark Stemm
85f51cf38c Let salt-minion read sensitive files. 2017-11-08 13:42:24 -08:00
Mark Stemm
2467766f07 Add addl shell spawn conditions
flock can spawn shells, new allowed shell cmdline.
2017-11-08 13:41:43 -08:00
Mark Stemm
2cbff6ff70 Add addl safe root directories 2017-11-08 13:40:56 -08:00
Mark Stemm
e02135f9f0 Let datadog write its config files 2017-11-08 13:40:36 -08:00
Mark Stemm
c1de3dfe7a Let ovsdb-server write below /etc/openvswitch 2017-11-08 13:39:20 -08:00
Mark Stemm
27df0ad29b Add nagios as a monitoring binary
Runs lots of shells
2017-11-08 13:38:07 -08:00
Mark Stemm
e7c2068267 Add addl ruby binary when run by bundle 2017-11-08 13:13:00 -08:00
Mark Stemm
ffed7ef63c Add additional rpm binaries. 2017-11-08 09:28:45 -08:00
Mark Stemm
fe283dcd76 Add exceptions for /root, / writes
Java running as root as well as oracle.
2017-11-08 09:21:17 -08:00
Mark Stemm
4a0ec07235 Let celeryd spawn shells
Parent process name is strange with leading [ and trailing :, so quote
it.
2017-11-08 08:12:35 -08:00
Mark Stemm
fdebfb5b6c Add N_scheduler binaries for mesos
I believe these are related to the equivalent of docker exec for mesos
containers, and aren't specifically related to rabbitmq.
2017-11-08 08:05:42 -08:00
Mark Stemm
0b775fa722 Let java running endeca spawn shells 2017-11-07 11:19:24 -08:00
Mark Stemm
33faa911d7 Add addl npm cmdlines. 2017-11-07 11:18:33 -08:00
Mark Stemm
24fb84df60 Let docker start script spawn shells 2017-11-07 11:14:50 -08:00
Mark Stemm
7550683862 Add additional shell spawn programs. 2017-11-07 11:06:13 -08:00
Mark Stemm
5755e79fe9 Let polkit-agent-he(lper) read sensitive files. 2017-11-07 11:06:13 -08:00
Mark Stemm
dfbe450eeb Let datastax progs spawn shells
Various script-based launch points.
2017-11-07 11:06:13 -08:00
Mark Stemm
0867245b73 Let yum indirectly run user mgmt binaries
They run shells that run the user binaries, at various levels in the
process hierarchy.
2017-11-07 11:06:13 -08:00
Mark Stemm
82377348ce Add another way to run npm
This one seen on redhat installs
2017-11-07 11:00:43 -08:00
Mark Stemm
fdb2312bcf Let perl Makefile.PL spawn shells 2017-11-07 11:00:19 -08:00
Mark Stemm
fbb5451fd9 Let python running zookeeper spawn shells 2017-11-07 10:59:40 -08:00
Mark Stemm
83c309a6c0 Let subscription-ma(nager) write to rpm db. 2017-11-07 10:57:10 -08:00
Mark Stemm
6bcf397a17 Let plesk weekly cron job spawn shells 2017-11-07 10:19:42 -08:00
Mark Stemm
9ceb11a7c8 Let update-xmlcatal(og) write below /etc/xml 2017-11-07 10:19:19 -08:00
Mark Stemm
e4443bea8e Add additional make-like binaries. 2017-11-07 10:18:56 -08:00
Mark Stemm
15e2d0bf7e Add addl bitnami conditions. 2017-11-07 09:54:09 -08:00
Mark Stemm
480ba4e0f8 Let duply write below /etc/duply
It's a shell script that runs touch so the detection is slightly more
complicated.
2017-11-07 09:43:07 -08:00
Mark Stemm
6aae17600f Add addl ruby proc for builds.
Adding ruby2.1
2017-11-07 09:42:15 -08:00
Mark Stemm
e9e0177901 Add additional phusion cmdlines. 2017-11-06 15:28:16 -08:00
Mark Stemm
01459fb49a Let threatstack spawn shells
Either as tsvuln or via node cmdline.
2017-11-06 15:28:16 -08:00
Mark Stemm
d36df62d1e Add an additional yarn cmdline. 2017-11-06 15:26:03 -08:00
Mark Stemm
36d775100e Be more tolerant of es curator procs
The command line occasionally ends with a space.
2017-11-03 17:26:37 -07:00
Mark Stemm
0020b05624 Add additional details for some rules
Helps diagnose FPs.
2017-11-03 16:01:38 -07:00
Mark Stemm
3edfc6ba8e Let plesk run mktemp below /etc 2017-11-03 16:01:12 -07:00
Mark Stemm
9ed1ff5f26 Add additional shell spawning cmdlines/progs 2017-11-03 16:00:03 -07:00
Mark Stemm
664d8fbc1d Add addl mail config binaries
Add additional mail config-related binaries. Also they aren't solely
sendmail-related, so make the list mail_config_binaries.
2017-11-03 15:44:26 -07:00
Mark Stemm
6078d4bd43 Add docker-current as a docker binary. 2017-10-31 20:56:11 -07:00
Mark Stemm
53776b0ec6 Add additional /etc writers 2017-10-31 20:51:18 -07:00
Mark Stemm
2eda3432e9 Let dmeventd write additional dirs 2017-10-31 20:50:58 -07:00
Mark Stemm
56e07f53f2 Let appdynamics spawn shells.
It's java, so look in classpath.
2017-10-30 22:57:08 -07:00
Mark Stemm
87fd4aba70 Let mesos-journald-(logger) spawn shells 2017-10-26 14:17:39 -07:00
Mark Stemm
332e3ad874 Let salt-minion spawn shells 2017-10-26 11:37:12 -07:00
Mark Stemm
5127d51732 Let python run es curator as a shell 2017-10-26 09:42:36 -07:00
Mark Stemm
d8fdaa0d88 Let seed_es_acl spawn shells. 2017-10-26 09:36:07 -07:00
Mark Stemm
b993683b96 Let java running maven spawn shells 2017-10-26 09:35:52 -07:00
Mark Stemm
b8027b5e54 Add additional shell spawn binaries 2017-10-26 09:15:36 -07:00
Mark Stemm
d57b3fe3cf Let spamd read sensitive files. 2017-10-26 09:15:18 -07:00
Mark Stemm
dd3a7df346 Let pam-auth-update/parallels inst write to /etc 2017-10-26 09:14:01 -07:00
Mark Stemm
ba1c8e4506 Let plesk installer write apache config. 2017-10-26 09:13:41 -07:00