github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-01-15 23:19:04 +00:00
Code Issues Projects Releases Wiki Activity
359 Commits 121 Branches 180 Tags
f68fba103e724dbb433251e3069b2fb672ddffec
Commit Graph

3 Commits

Author SHA1 Message Date
Mark Stemm
73e52e1e91 Don't run the spawned program in a shell. 
Instead, run it directly. This avoids false positives when running
non-bash commands and false negatives when trying to run a shell.
 2016-10-24 15:56:45 -07:00
Mark Stemm
4a941df787 Example showing running bash via a bad rest api. 
Simple docker-compose environment that starts a simple express server
with a poorly-designed /api/exec/<cmd> endpoint that executes arbitrary
commands, and uses falco to detect running bash.
 2016-07-07 15:35:11 -07:00
Mark Stemm
139ee56af7 Docker-compose environment for mitm example. 
Adding docker-compose based example of man-in-the-middle attack against
installation scripts and how it can be detected using sysdig falco.

The docker-compose environment starts a good web server, compromised
nginx installation, evil web server, and a copy of sysdig falco. The
README walks through the process of compromising a client by using curl
http://localhost/get-software.sh | bash and detecting the compromise
using ./fbash.

The fbash program included in this example fixes https://github.com/draios/falco/issues/46.
 2016-06-10 16:39:59 -07:00