Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Add user_known_write_monitored_dir_conditions #566
Add a user_known_write_monitored_dir_conditions macro to allow custom conditions in the "Write below monitored dir" rule.
For example, with this macro, we can allow the root user to connect to BitBucket using SSH:
# Some applications allowed to write below monitored dir - macro: user_known_write_monitored_dir_conditions condition: > fd.name startswith /root/.ssh and proc.cmdline="ssh email@example.com hg -R some/repo serve --stdio"
falco-CLA-1.0-contributing-entity: Coveo Solutions Inc.