falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-10-22 03:49:36 +00:00

Files

Antoine Deschênes a5cadbf5fa rule(Disallowed K8s User): whitelist kube-apiserver-healthcheck

kops 1.17 adds a kube-apiserver-healthcheck user: https://github.com/kubernetes/kops/tree/master/cmd/kube-apiserver-healthcheck

Logs are currently spammed with:
```
{"output":"18:02:15.466580992: Warning K8s Operation performed by user not in allowed list of users (user=kube-apiserver-healthcheck target=<NA>/<NA> verb=get uri=/healthz resp=200)","priority":"Warning","rule":"Disallowed K8s User","time":"2020-06-29T18:02:15.466580992Z", "output_fields": {"jevt.time":"18:02:15.466580992","ka.response.code":"200","ka.target.name":"<NA>","ka.target.resource":"<NA>","ka.uri":"/healthz","ka.user.name":"kube-apiserver-healthcheck","ka.verb":"get"}}
```

Signed-off-by: Antoine Deschênes <antoine.deschenes@equisoft.com>

2020-06-30 11:44:11 +02:00

application_rules.yaml

update: license headers

2019-10-08 16:02:26 +02:00

CMakeLists.txt

build: include GNUInstallDirs module

2020-01-17 19:09:31 +01:00

falco_rules.local.yaml

update: license headers

2019-10-08 16:02:26 +02:00

falco_rules.yaml

rule(list network_tool_binaries): add zmap to the list

2020-06-29 18:17:28 +02:00

k8s_audit_rules.yaml

rule(Disallowed K8s User): whitelist kube-apiserver-healthcheck

2020-06-30 11:44:11 +02:00

OWNERS

docs: specify labels that apply to each area

2019-09-16 10:11:25 +02:00