-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explore rules options around LD_PRELOAD
env
#207
Comments
It's also worth clarifying where these are appropriate, i.e. how severe does the CVE have to be for these to be included/how long since a patch was made? |
@RichardoC 100% agree on trying to create a detection that is more behavioral rather than just addressing one specific CVE. Let's explore! The referenced PR also introduced the capabilities to check env variables in the parent process lineage. Side note: @RichardoC would you be willing to help with further cleaning up the rules in this regard? So that one day we have broader, but still well tuned detections. Also feel free to propose rules we should re-write or deprecate 🙏. |
I'll certainly try to help, but can't guarantee time for the next few months |
Hello! I've been thinking a bit about writing this |
@loresuso fair point! Regarding the detection part I think that we can define:
|
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh with Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle rotten |
/remove-lifecycle rotten |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh with Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle rotten |
Rotten issues close after 30d of inactivity. Reopen the issue with Mark the issue as fresh with Provide feedback via https://github.com/falcosecurity/community. |
@poiana: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
See falcosecurity/libs#1546 (comment)
@Biagio-Dipalma @loresuso @darryk10 @RichardoC
The text was updated successfully, but these errors were encountered: