Skip to content

Commit

Permalink
Allow Ansible to run using Python 3 (#625)
Browse files Browse the repository at this point in the history 
Some newer distros default to Python 3 by default, not 2, which causes Ansible to trigger these rules.

falco-CLA-1.0-contributing-entity: 1500 Services Ltd
falco-CLA-1.0-signed-off-by: Chris Northwood <chris.northwood@1500cloud.com>
  • Loading branch information
@cnorthwood @mstemm
cnorthwood authored and mstemm committed Jun 5, 2019
1 parent 7a56f1c commit 24b4d83
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions rules/falco_rules.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -528,7 +528,7 @@
# compatiblity with some widely used rules files.
# Begin Deprecated
- macro: parent_ansible_running_python
condition: (proc.pname in (python, pypy) and proc.pcmdline contains ansible)
condition: (proc.pname in (python, pypy, python3) and proc.pcmdline contains ansible)

- macro: parent_bro_running_python
condition: (proc.pname=python and proc.cmdline contains /usr/share/broctl)
Expand Down Expand Up @@ -610,7 +610,7 @@
## End Deprecated

- macro: ansible_running_python
condition: (proc.name in (python, pypy) and proc.cmdline contains ansible)
condition: (proc.name in (python, pypy, python3) and proc.cmdline contains ansible)

- macro: python_running_chef
condition: (proc.name=python and (proc.cmdline contains yum-dump.py or proc.cmdline="python /usr/bin/chef-monitor.py"))
Expand Down

0 comments on commit 24b4d83

Please sign in to comment.