Monitor renameat too in "Modify binary dirs" rule

falcosecurity · Apr 12, 2018 · a9696ee · a9696ee
1 parent 83af068
commit a9696ee
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
@@ -23,7 +23,7 @@
   condition: (proc.name!="<NA>")
 
 - macro: rename
-  condition: evt.type = rename
+  condition: evt.type in (rename, renameat)
 - macro: mkdir
   condition: evt.type = mkdir
 - macro: remove