Redis Falco Rules

Unexpected inbound tcp connection redis

Detects inbound network connections to redis on unexpected ports

Allowed ports:

  • 6379

Unexpected spawned process redis

Detects an unexpected process spawned in the redis container

Allowed processes:

  • redis-server
  • app-entrypoint.
  • basename
  • dirname
  • grep
  • nami
  • node
  • redis-cli
  • tini
  • run.sh
  • sed
  • which

Unexpected file written by redis

Detects an attempt to access a file readwrite other than below an espected list of paths

Allowed file prefixes for readwrite:

  • /data
  • /opt
  • /tmp

Rules