Introduce missing allowed_full_admin_users macro so its corresponding…

… rule is disabled by default Signed-off-by: Vicente Herrera <[email protected]>
falcosecurity · Apr 14, 2020 · 9fd08ce · 9fd08ce
1 parent 3ce11f0
commit 9fd08ce
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml
@@ -420,6 +420,10 @@
   tags: [k8s]
 
 
+# This macro disables following rule, change to k8s_audit_never_true to enable it
+- macro: allowed_full_admin_users
+  condition: (k8s_audit_always_true)
+
 # This list includes some of the default user names for an administrator in several K8s installations
 - list: full_admin_k8s_users
   items: ["admin", "kubernetes-admin",  "kubernetes-admin@kubernetes", "[email protected]", "minikube-user"]