From c5f679d02ee556d44272f3debd421a0930205b4f Mon Sep 17 00:00:00 2001
From: Lorenzo Susini
Date: Thu, 28 Sep 2023 08:50:44 +0000
Subject: [PATCH] update(rules): convert required engine version to new semver representation
Signed-off-by: Lorenzo Susini
---
 rules/falco-deprecated_rules.yaml | 2 +-
 rules/falco-incubating_rules.yaml | 2 +-
 rules/falco-sandbox_rules.yaml | 2 +-
 rules/falco_rules.yaml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/rules/falco-deprecated_rules.yaml b/rules/falco-deprecated_rules.yaml
index f37a15a5a..f60b48c3e 100644
--- a/rules/falco-deprecated_rules.yaml
+++ b/rules/falco-deprecated_rules.yaml
@@ -24,7 +24,7 @@
 # Starting with version 8, the Falco engine supports exceptions.
 # However the Falco rules file does not use them by default.
-- required_engine_version: 17
+- required_engine_version: "0.17.0"
 # This macro `never_true` is used as placeholder for tuning negative logical sub-expressions, for example
 # - macro: allowed_ssh_hosts
diff --git a/rules/falco-incubating_rules.yaml b/rules/falco-incubating_rules.yaml
index ce105fe6e..ea0a91de8 100644
--- a/rules/falco-incubating_rules.yaml
+++ b/rules/falco-incubating_rules.yaml
@@ -24,7 +24,7 @@
 # Starting with version 8, the Falco engine supports exceptions.
 # However the Falco rules file does not use them by default.
-- required_engine_version: 26
+- required_engine_version: "0.26.0"
 - macro: open_write
 condition: (evt.type in (open,openat,openat2) and evt.is_open_write=true and fd.typechar='f' and fd.num>=0)
diff --git a/rules/falco-sandbox_rules.yaml b/rules/falco-sandbox_rules.yaml
index bd696f6a0..05e49089f 100644
--- a/rules/falco-sandbox_rules.yaml
+++ b/rules/falco-sandbox_rules.yaml
@@ -24,7 +24,7 @@
 # Starting with version 8, the Falco engine supports exceptions.
 # However the Falco rules file does not use them by default.
-- required_engine_version: 26
+- required_engine_version: "0.26.0"
 # Currently disabled as read/write are ignored syscalls. The nearly
 # similar open_write/open_read check for files being opened for
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 12ee70d50..1a1ce3b56 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -24,7 +24,7 @@
 # Starting with version 8, the Falco engine supports exceptions.
 # However the Falco rules file does not use them by default.
-- required_engine_version: 26
+- required_engine_version: "0.26.0"
 # Currently disabled as read/write are ignored syscalls. The nearly
 # similar open_write/open_read check for files being opened for
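Review bot: The context comment directly above each changed line still reads `# Starting with version 8, the Falco engine supports exceptions.`, which uses the old integer numbering while the field below it is now a quoted semver string; this applies to all four rules files in the patch (deprecated, incubating, sandbox and falco_rules.yaml). Going by the 17 → "0.17.0" and 26 → "0.26.0" mapping visible here, it would be more consistent as `# Starting with engine version 0.8.0 (formerly 8), the Falco engine supports exceptions.`. Separately, an engine that only understands the integer form would presumably refuse to load these files, and a ruleset that fails to load means no detections at all. It would help to name the minimum Falco release that accepts the string form in a comment next to `required_engine_version`, and to confirm that a version-parse failure is reported loudly at startup rather than skipped.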