feat(rule): simple rule

padok-team · Dec 29, 2023 · c993094 · c993094
1 parent 1070b89
commit c993094
Showing 1 changed file with 2 additions and 9 deletions.
diff --git a/nsenter.yaml b/nsenter.yaml
@@ -1,9 +1,2 @@
-- macro: container
-  condition: container.id != host
-
-- rule: Detect nsenter in a container
-  desc: You shouldn't run nsenter in a container
-  condition: container and proc.name = bash
-  output: >
-    nsenter executed in container container.id
-  priority: ERROR
+- list: falco_binaries
+  items: [falcoctl]