mirror of
https://github.com/falcosecurity/falco.git
synced 2026-03-19 11:12:36 +00:00
* Remove remaining fbash references.

  No longer relevant after all the installer rules were removed.

* Detect contacting EC2 metadata svc from containers

  Add a rule that detects attempts to contact the ec2 metadata service from containers. By default, the rule does not trigger unless a list of explicitly allowed containers is provided.

* Detect contacting K8S API Server from container

  New rule "Contact K8S API Server From Container" looks for connections to the K8s API Server. The ip/port for the K8s API Server is in the macro k8s_api_server and contains an ip/port that's not likely to occur in practice, so the rule is effectively disabled by default.
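
The following is an added sketch, not part of the commit or of the rules shipped with Falco, showing how two rules gated the way the message describes can be written in Falco rule syntax. Every list, macro and rule name prefixed `example_` is hypothetical, the image name and the `192.0.2.10:6443` endpoint are constructed placeholders, and `169.254.169.254` is the EC2 instance metadata address.

```yaml
# Hypothetical names throughout (example_*); not the rules shipped with Falco.

# Constructed sample: images that are expected to query instance metadata.
- list: example_metadata_allowed_images
  items: [registry.example.com/node-agent]

# Opt-in switch. (evt.num=0) never matches, so the metadata rule stays silent
# until an operator fills in the list above and changes this to (evt.num>=0).
- macro: example_consider_metadata_access
  condition: (evt.num=0)

# Simplified stand-ins for the container and outbound macros of a full rule set.
- macro: example_in_container
  condition: (container.id != host)

- macro: example_outbound_ipv4
  condition: (evt.type=connect and fd.typechar=4)

- rule: Example Contact EC2 Metadata Service From Container
  desc: Connection from a non-allowlisted container to the EC2 metadata address
  condition: >
    example_outbound_ipv4 and example_in_container
    and fd.sip="169.254.169.254"
    and example_consider_metadata_access
    and not container.image.repository in (example_metadata_allowed_images)
  output: >
    Container contacted EC2 metadata service
    (command=%proc.cmdline connection=%fd.name
    container=%container.id image=%container.image.repository)
  priority: NOTICE

# Placeholder endpoint from a documentation-only address range. It will not
# match real traffic, so the rule below is inert until this is replaced with
# the cluster's actual API server address and port.
- macro: example_k8s_api_server
  condition: (fd.sip="192.0.2.10" and fd.sport=6443)

- rule: Example Contact K8s API Server From Container
  desc: Connection from a container to the Kubernetes API server
  condition: >
    example_outbound_ipv4 and example_in_container and example_k8s_api_server
  output: >
    Container contacted K8s API server
    (command=%proc.cmdline connection=%fd.name
    container=%container.id image=%container.image.repository)
  priority: NOTICE
```

Keeping the switch and the endpoint in their own macros lets a local rules file override only those two entries, leaving the rule bodies untouched.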