homelab-gitops/platform/tetragon/policies/tracingpolicy-shell-spawn.yaml
gwg313 2671abc98c
add tetragon policies
Signed-off-by: gwg313 <gwg313@pm.me>
2026-05-28 21:51:44 -04:00

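apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: detect-shell-spawn
spec:
  kprobes:
    # LSM hook reached during execve(); its only argument is a struct linux_binprm *.
    - call: "security_bprm_check"
      syscall: false
      selectors:
        # matchBinaries filters on the binary of the process that triggers the hook.
        - matchBinaries:
            - operator: In
              values:
                - /bin/sh
                - /bin/bash
                - /bin/dash
                - /bin/ash
                - /busybox/sh
      args:
        # Argument 0 is the linux_binprm for the program being executed, not a C string.
        - index: 0
          type: linux_binprm
      return: true
      # security_bprm_check returns int; returnArg tells Tetragon how to decode it.
      returnArg:
        index: 0
        type: int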