Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add user_known_write_monitored_dir_conditions #566

Conversation

Projects
None yet
2 participants
@JPLachance
Copy link
Contributor

commented Mar 25, 2019

Add a user_known_write_monitored_dir_conditions macro to allow custom conditions in the "Write below monitored dir" rule.

For example, with this macro, we can allow the root user to connect to BitBucket using SSH:

# Some applications allowed to write below monitored dir
- macro: user_known_write_monitored_dir_conditions
  condition: >
    fd.name startswith /root/.ssh and proc.cmdline="ssh hg@bitbucket.org hg -R some/repo serve --stdio"

falco-CLA-1.0-contributing-entity: Coveo Solutions Inc.
falco-CLA-1.0-signed-off-by: Jean-Philippe Lachance jplachance@coveo.com

+ Add a user_known_write_monitored_dir_conditions macro to allow cust…
…om conditions in the "Write below monitored dir" rule

falco-CLA-1.0-contributing-entity: Coveo Solutions Inc.
falco-CLA-1.0-signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
@mstemm

This comment has been minimized.

Copy link
Contributor

commented Mar 28, 2019

Thanks!

@mstemm mstemm merged commit 2fd90bf into falcosecurity:dev Mar 28, 2019

1 check passed

Travis CI - Pull Request Build Passed
Details

@JPLachance JPLachance deleted the JPLachance:feature/user-known-write-monitored-dir-conditions branch Mar 29, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.