Add wget and curl to remote_file_copy_binaries

[erickatwork]

What type of PR is this?

/kind rule-update

Any specific area of the project related to this PR?

/area rules

What this PR does / why we need it:

Added additional binaries that are capable of remote file copy. These binaries are commonly used as a prerequisite to command and control.

Which issue(s) this PR fixes:

N/A

Special notes for your reviewer:

N/A

Does this PR introduce a user-facing change?:

rule(Launch Remote File Copy Tools in Container): add additional binaries: curl and wget.

[leogr]

Hey @ec4n6

Tests are failing 👇

Tue Nov 16 09:46:11 2021: Runtime error: Could not load rules file /etc/falco/falco_rules.yaml: 1 errors:
Compilation error when compiling "proc.name = curl and (proc.cmdline contains (" > ") or proc.cmdline contains (" >> ") or proc.cmdline contains (" | "))": 45: syntax error, unexpected '(', expecting 'BareString', 'String', 'Number'
---
-  macro: curl_download
   condition: proc.name = curl and (proc.cmdline contains (" > ") or proc.cmdline contains (" >> ") or proc.cmdline contains (" | "))
---
. Exiting.

I guess the round brackets are not needed around strings.

[poiana]

LGTM label has been added.

Git tree hash: e012ad4708ea6ca230b33bcc2d575d6d6f99f1af

[leogr]

Closing and reopening to trigger the CI
/close

[poiana]

@leogr: Closed this PR.

In response to this:

Closing and reopening to trigger the CI
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[leogr]

/reopen

[poiana]

@leogr: Reopened this PR.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[leogr]

/milestone 0.31.0

[erickatwork]

@leogr Hi, it looks like my merge is missing the DCO signoff. Is this necessary, and if so, how do I add signoff to an existing merge?

[leogr]

/check-dco

[leogr]

@leogr Hi, it looks like my merge is missing the DCO signoff. Is this necessary, and if so, how do I add signoff to an existing merge?

Merge commits are not allowed, but it seems to me you already removed it. Indeed, after checking for DCO again, now it's all fine. Thank you!

[leogr]

LGTM

/approve

@Kaizhe could you check again? Thank you 🙏

[poiana]

LGTM label has been added.

Git tree hash: 788fefea0a448c7688afcf4b2905e05092b73dc9

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ec4n6, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• rules/OWNERS [leogr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[erickatwork]

Bump @Kaizhe