mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 11:29:26 +00:00
1564e87177
* Remove remaining fbash references. No longer relevant after all the installer rules were removed. * Detect contacting EC2 metadata svc from containers Add a rule that detects attempts to contact the ec2 metadata service from containers. By default, the rule does not trigger unless a list of explicitly allowed containers is provided. * Detect contacting K8S API Server from container New rule "Contact K8S API Server From Container" looks for connections to the K8s API Server. The ip/port for the K8s API Server is in the macro k8s_api_server and contains an ip/port that's not likely to occur in practice, so the rule is effectively disabled by default.