Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rule updates 2018 07.v1 #388

Merged
merged 17 commits into from
Jul 24, 2018
Merged

Rule updates 2018 07.v1 #388

merged 17 commits into from
Jul 24, 2018

Conversation

mstemm
Copy link
Contributor

@mstemm mstemm commented Jul 9, 2018

No description provided.

mstemm added 17 commits July 6, 2018 15:56
@mstemm
Add dpkg-divert as a debian package mgmt program.
20156ef
@mstemm
Add pip3 as a package mgmt program.
4569e25
@mstemm
Let ucpagent write config
c2a58b5 
Since the name is fairly generic (apiserver), require that it runs in a
container with image docker/ucp-agent.
@mstemm
Let iscsi admin programs write config
78eabc9
@mstemm
Add parent to some output strings
8391057 
Will aid in addressing false positives.
@mstemm
Let update-ca-trust write to pki files
927ca37
@mstemm
Add additional root writing programs
f0c7599 
- zap: web application security tool
- airflow: apache app for managing data pipelines
- rpm can sometimes write below /root/.rpmdb
- maven can write groovy files
@mstemm
Expand redis etc files
fa44500 
Additional program redis-launcher.(sh) and path /etc/redis.
@mstemm
Add additional root directories
15ceb21 
/root/workspace could be used by jenkins, /root/oradiag_root could be
used by Oracle 11 SQL*Net.
@mstemm
Add pam-config as an auth program
75feb3e
@mstemm
Add additional trusted containers
8f83d8b 
openshift image inspector, alternate name for datadog agent, docker ucp
agent, gliderlabs logspout.
@mstemm
Add microdnf as a rpm binary.
50dd9c8 
https://github.com/rpm-software-management/microdnf
@mstemm
Let coreos update-ssh-keys write /home/core/.ssh
632b0c9
@mstemm
Allow additional writes below /etc/iscsi
62c41ef 
Allow any path starting with /etc/iscsi.
@mstemm
Add additional /root write paths
69154c1 
Additional files, with /root/workspace changing from a directory to a
path prefix.
@mstemm
Add additional openshift trusted container.
9306b1e
@mstemm
Also allow grandparents for ms_oms_writing_conf
05dfefd 
In some cases the program spawns intermediate shells, for example:

07:15:30.756713513: Error File below /etc opened for writing (user= command=StatusReport.sh /opt/microsoft/omsconfig/Scripts/StatusReport.sh D34448EA-363A-42C2-ACE0-ACD6C1514CF1 EndTime parent=sh pcmdline=sh -c /opt/microsoft/omsconfig/Scripts/StatusReport.sh D34448EA-363A-42C2-ACE0-ACD6C1514CF1 EndTime file=/etc/opt/omi/conf/omsconfig/last_statusreport program=StatusReport.sh gparent=omiagent ggparent=omiagent gggparent=omiagent) k8s.pod= container=host k8s.pod= container=host

This should fix #387.
@mstemm mstemm merged commit d63542d into dev Jul 24, 2018
@mstemm mstemm deleted the rule-updates-2018-07.v1 branch July 24, 2018 20:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/rules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mstemm @fntlnz