falco

mirror of https://github.com/falcosecurity/falco.git synced 2026-01-15 23:19:04 +00:00

Files

Mark Stemm 331b2971be rule(Delete or rename shell history):skip dockerfs

In some cases, when removing a container, dockerd will itself remove the
entire overlay filesystem, including a shell history file:

---
Shell history had been deleted or renamed (user=root type=unlinkat
command=dockerd -H fd://
... name=/var/lib/docker/overlay2/.../root/.bash_history ..
---

To avoid these FPs, skip paths starting with /var/lib/docker.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>

2020-09-23 17:48:36 +02:00

application_rules.yaml

update: license headers

2019-10-08 16:02:26 +02:00

CMakeLists.txt

build(rules): fix rules etc dir

2020-09-10 15:01:07 +02:00

falco_rules.local.yaml

update: license headers

2019-10-08 16:02:26 +02:00

falco_rules.yaml

rule(Delete or rename shell history):skip dockerfs

2020-09-23 17:48:36 +02:00

k8s_audit_rules.yaml

rule(System ClusterRole Modified/Deleted): + role

2020-09-03 18:56:51 +02:00

OWNERS

docs: specify labels that apply to each area

2019-09-16 10:11:25 +02:00