cleanup: remove startswith /etc

In macro `sensitive_files` the `startswith /etc` is redundant because it used in combination with the `in` condition Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
falcosecurity · May 27, 2024 · 8e8dd11 · 8e8dd11
1 parent 6f2d60e
commit 8e8dd11
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
@@ -208,7 +208,7 @@
 
 - macro: sensitive_files
   condition: >
-    ((fd.name startswith /etc and fd.name in (sensitive_file_names)) or
+    (fd.name in (sensitive_file_names) or
       fd.directory in (/etc/sudoers.d, /etc/pam.d))
 
 # Indicates that the process is new. Currently detected using time