Mark Stemm 3693b16c91 Let puma reactor spawn shells ...

Sample Falco alert:

```
Shell spawned by untrusted binary (user=git shell=sh parent=puma reactor
cmdline=sh -c pgrep -fl "unicorn.* worker\[.*?\]" pcmdline=puma reactor
gparent=puma ggparent=runsv aname[4]=ru...
```

https://github.com/puma/puma says it is "A Ruby/Rack web server built
for concurrency".

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>

2020-02-03 16:13:57 +01:00

..

application_rules.yaml

update: license headers

2019-10-08 16:02:26 +02:00

CMakeLists.txt

build: include GNUInstallDirs module

2020-01-17 19:09:31 +01:00

falco_rules.local.yaml

update: license headers

2019-10-08 16:02:26 +02:00

falco_rules.yaml

Let puma reactor spawn shells

2020-02-03 16:13:57 +01:00

k8s_audit_rules.yaml

rule update: align sensitive mount macro between k8s_audit rules and syscall rules

2019-12-03 12:58:21 -08:00

OWNERS

docs: specify labels that apply to each area

2019-09-16 10:11:25 +02:00