Apache Falco Rules

The Apache HTTP Server, colloquially called Apache (/əˈpætʃi/ ə-PATCH-ee), is free and open-source cross-platform web server software, released under the terms of Apache License 2.0. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.

Unexpected inbound TCP connection apache

Detects inbound TCP traffic to Apache on a port outside the expected set.

Allowed inbound ports:

  • 80
  • 443

Unexpected spawned process apache

Detects a process started in an Apache container that is outside the expected set.

Allowed processes:

  • apache2
  • basename
  • grep
  • app-entrypoint.
  • node
  • sleep
  • dirname
  • httpd
  • nami
  • sh
  • tini

Unexpected file access readwrite for apache

Detects an attempt to access a file in read-write mode anywhere other than below an expected list of directories.

Allowed file prefixes for readwrite:

  • /opt
  • /tmp
  • /dev/null
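The three allowlists above applied to constructed events, as an added example that is not part of the original rule set. The event dictionaries and the helper names (`comm`, `under_prefix`, `evaluate`) are hypothetical; reading `app-entrypoint.` as the kernel's 15-character truncation of a longer script name, and matching prefixes by whole path component after normalisation, are assumptions of this sketch.

```python
import posixpath

# Allowlists copied from the three rules on this page.
ALLOWED_PORTS = {80, 443}
ALLOWED_PROCS = {"apache2", "basename", "grep", "app-entrypoint.", "node",
                 "sleep", "dirname", "httpd", "nami", "sh", "tini"}
ALLOWED_RW_PREFIXES = ("/opt", "/tmp", "/dev/null")
COMM_LEN = 15  # Linux keeps at most 15 visible characters of a task name

def comm(exe_path):
    """Process name as the kernel reports it: basename cut to 15 chars."""
    return posixpath.basename(exe_path)[:COMM_LEN]

def under_prefix(path, prefixes=ALLOWED_RW_PREFIXES):
    """True if path equals a prefix or sits below it, after normalising."""
    path = posixpath.normpath(path)  # collapses "..", so /tmp/../etc fails
    return any(path == p or path.startswith(p + "/") for p in prefixes)

def evaluate(event):
    """Return the name of the rule the event violates, or None."""
    kind = event["type"]
    if kind == "accept" and event["proto"] == "tcp":
        if event["server_port"] not in ALLOWED_PORTS:
            return "Unexpected inbound TCP connection apache"
    elif kind == "execve":
        if comm(event["exe"]) not in ALLOWED_PROCS:
            return "Unexpected spawned process apache"
    elif kind == "open" and event["write"]:
        if not under_prefix(event["path"]):
            return "Unexpected file access readwrite for apache"
    return None

# Constructed sample events (not captured from a real container).
SAMPLE_EVENTS = [
    {"type": "accept", "proto": "tcp", "server_port": 443},
    {"type": "accept", "proto": "tcp", "server_port": 8081},
    {"type": "execve", "exe": "/app-entrypoint.sh"},
    {"type": "execve", "exe": "/usr/bin/curl"},
    {"type": "open", "write": True, "path": "/tmp/../etc/passwd"},
    {"type": "open", "write": True, "path": "/optional/data"},
    {"type": "open", "write": True, "path": "/opt/app/logs/access_log"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(evaluate(ev) or "ok", ev)
```

A plain string-prefix test would accept `/optional/data` and `/tmp/../etc/passwd`; the component-wise check flags both.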