From 71d1ff8fafe0f93d3807e65b7a602c5c507b2e44 Mon Sep 17 00:00:00 2001
From: h4l0gen
Date: Sat, 23 Mar 2024 05:29:14 +0530
Subject: [PATCH] updated falco rules files
Signed-off-by: h4l0gen
---
 rules/falco-sandbox_rules.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/falco-sandbox_rules.yaml b/rules/falco-sandbox_rules.yaml
index a9a035c1..57694ad3 100644
--- a/rules/falco-sandbox_rules.yaml
+++ b/rules/falco-sandbox_rules.yaml
@@ -407,10 +407,10 @@
 condition: (proc.name in (python, pypy, python3) and proc.cmdline contains ansible)
-macro: python_running_chef
+- macro: python_running_chef
 condition: >
 (proc.name= python and
- (proc.cmdline contains yum-dump.py or
+ (proc.cmdline contains yum-dump.py or
 proc.cmdline="python /usr/bin/chef-monitor.py"))
 - macro: python_running_denyhosts
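Review bot: The `proc.cmdline contains yum-dump.py` clause kept by this patch (only its trailing whitespace changes) is a substring match, so any process named `python` whose arguments mention that file name satisfies `python_running_chef`. If the macro is used as an exception in a rule, which the hunk does not show, that makes the exception much wider than the chef-monitor clause next to it, which compares the whole command line. Consider anchoring it the same way, e.g. `proc.cmdline startswith "python <full path to yum-dump.py>"`, using the path your hosts actually run. Separately, `proc.name= python` matches only that one interpreter name while the macro above accepts `(python, pypy, python3)`; a short comment saying whether that is intentional would help.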