Move falco rules customization in private repository (#83)
Co-authored-by: Frédéric Collonval <[email protected]>
fcollonval and fcollonval authored Jan 8, 2025
1 parent ff799d8 commit 508688b
Showing 1 changed file with 0 additions and 18 deletions.
18 changes: 0 additions & 18 deletions charts/datalayer-falco/values-any.yaml
Expand Up @@ -20,24 +20,6 @@ k8s-metacollector:
operator: In
values:
- "true"
customRules:
rules-override-default.yaml: |-
# Whitelist strimzi operator for Kafka to connect to k8s API
- macro: user_known_contact_k8s_api_server_activities
condition: (container.image.repository=quay.io/strimzi/operator)
override:
condition: replace
# Enable cryptomining related rules
# See https://falco.org/blog/falco-detect-cryptomining
# Tested with https://github.com/n1g3ld0ugla5/Falco-Cryptomining-CNCF
- rule: Detect outbound connections to common miner pool ports
enabled: true
override:
enabled: replace
- rule: Set Setuid or Setgid bit
enabled: true
override:
enabled: replace
falco:
rules_files:
# Order matters to apply override the rule should be loaded first.
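Review bot: the retained context under `falco.rules_files` ("Order matters to apply override the rule should be loaded first.") still describes an override file, but the removed `customRules` block was the only place in this hunk that defined `rules-override-default.yaml`. If `rules_files` still lists that file, an install from `values-any.yaml` without the private values will point at rules content that is no longer supplied here. If it does not, the install will succeed with `Detect outbound connections to common miner pool ports` and `Set Setuid or Setgid bit` left at whatever state the default ruleset gives them, and without the strimzi exception on `user_known_contact_k8s_api_server_activities`. I would leave a short comment where `customRules` used to be, stating that the overrides now come from the private repository and must be layered on top of this file, so that losing these detections is not silent when the chart is deployed from the public values alone.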