
Fix/Expand "Modify bin dirs" rule #353

merged 2 commits into from Apr 13, 2018



mattpag commented Apr 12, 2018

  • To monitor file/dirs removed with unlinkat we need to check evt.abspath, not evt.arg[1]
  • Monitor renameat too
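As an added illustration of the two points above (not the PR's diff and not Falco's own rules file; the macro names, the directory list, and the rule output are assumptions), a Falco macro set that checks evt.abspath in addition to evt.arg[1] and covers renameat:

```yaml
# Added example, not the PR's actual change. Macro names, the directory list
# and the output string are assumed.

# rename: previously only "rename"; renameat also moves files and must be covered.
- macro: rename
  condition: evt.type in (rename, renameat)

- macro: remove
  condition: evt.type in (rmdir, unlink, unlinkat)

- macro: modify
  condition: rename or remove

# For unlink/rmdir/rename, evt.arg[1] is the pathname. For unlinkat the
# pathname argument is relative to a directory fd, so evt.arg[1] alone misses
# removals under the binary dirs; evt.abspath carries the resolved path.
- macro: bin_dir_rename
  condition: >
    (evt.arg[1] startswith /bin/ or
     evt.arg[1] startswith /sbin/ or
     evt.arg[1] startswith /usr/bin/ or
     evt.arg[1] startswith /usr/sbin/ or
     evt.abspath startswith /bin/ or
     evt.abspath startswith /sbin/ or
     evt.abspath startswith /usr/bin/ or
     evt.abspath startswith /usr/sbin/)

- rule: Modify binary dirs
  desc: an attempt to rename or remove a file below a set of binary directories
  condition: bin_dir_rename and modify
  output: >
    File below a known binary directory renamed/removed
    (user=%user.name command=%proc.cmdline operation=%evt.type
     file=%fd.name abspath=%evt.abspath %evt.args)
  priority: ERROR
  tags: [filesystem]
```

Adding evt.abspath to the output makes it easy to confirm from the alert itself which of the two fields matched for a given syscall.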

@mattpag mattpag requested a review from mstemm Apr 12, 2018

@mstemm mstemm added the in progress label Apr 12, 2018

mattpag added some commits Apr 12, 2018

Also check evt.abspath in "Modify binary dirs" rule
For unlinkat evt.arg[1] is not the path of the file/dir removed.

mstemm approved these changes Apr 13, 2018

lgtm! I'm going to merge now as I have some other pending rules cleanups.

@mstemm mstemm merged commit 96b4ff0 into dev Apr 13, 2018

3 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
sign-off-checker The commit doesn't require sysdig sign-off CLA because it belongs to mattpag part of draios/falco collaborators

@mstemm mstemm deleted the fix_modify_bin_dirs branch Apr 13, 2018

@mstemm mstemm removed the in progress label Apr 13, 2018
