Signed-off-by: gwg313 <gwg313@pm.me>
---
# Tetragon TracingPolicy that hooks the execve syscall and records the
# program path (arg 0) and the argument vector (arg 1) of each matching call.
# No namespace is set in metadata and the kind is TracingPolicy, not
# TracingPolicyNamespaced.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: audit-process-execution
  annotations:
    security-tier: audit-baseline
    # NOTE(review): the selector below filters out namespace PID 1 and its
    # descendants, so "all process executions" looks broader than what the
    # policy reports. Confirm the intent and align text and selector.
    description: 'Logs all process executions (sys_execve) for cluster-wide visibility.'
spec:
  kprobes:
    # Only execve is hooked. execveat is a separate syscall and would need
    # its own entry if complete exec coverage is the goal.
    - call: 'sys_execve'
      syscall: true
      args:
        # execve(pathname, argv, envp): index 0 is the pathname.
        - index: 0
          type: 'string'
        # index 1 is argv. envp (index 2) is not captured.
        # NOTE(review): confirm 'string_array' is an arg type accepted by
        # the installed TracingPolicy CRD. If it is rejected, the policy
        # will not be applied and no exec events are produced.
        - index: 1
          type: 'string_array'
      selectors:
        # PID filter, read top to bottom:
        #   isNamespacePID - values are PIDs as seen inside the process's
        #                    PID namespace, so 1 is the namespace's init.
        #   followForks    - the filter also applies to children of the
        #                    listed PIDs.
        #   NotIn          - events from those processes are excluded.
        # No matchActions is given, so no enforcement action is configured
        # by this policy.
        - matchPIDs:
            - operator: NotIn
              followForks: true
              isNamespacePID: true
              values:
                - 1