ContextQMD
Back to Falco

Sensitive Files

content/en/docs/reference/rules/default-macros/sensitive_files.md

latest176 B
Original Source
yaml
- macro: sensitive_files
  condition: >
    fd.name startswith /etc and
    (fd.name in (sensitive_file_names)
     or fd.directory in (/etc/sudoers.d, /etc/pam.d))