From 29923b374462522d05b6eeb4514a00a48f872735 Mon Sep 17 00:00:00 2001 From: chip hwang Date: Tue, 22 May 2018 13:53:54 -0700 Subject: [PATCH] added ossec-syscheckd to read_sensitive_file_binaries --- rules/falco_rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml index 10c3bae5dd4..9b874980dc6 100644 --- a/rules/falco_rules.yaml +++ b/rules/falco_rules.yaml @@ -907,7 +907,7 @@ iptables, ps, lsb_release, check-new-relea, dumpe2fs, accounts-daemon, sshd, vsftpd, systemd, mysql_install_d, psql, screen, debconf-show, sa-update, pam-auth-update, /usr/sbin/spamd, polkit-agent-he, lsattr, file, sosreport, - scxcimservera, adclient, rtvscand, cockpit-session, userhelper + scxcimservera, adclient, rtvscand, cockpit-session, userhelper, ossec-syscheckd ] # Add conditions to this macro (probably in a separate file,