From 36042163b424d3855dcb9568d002a2de23e402a9 Mon Sep 17 00:00:00 2001
From: Leonardo Grasso <me@leonardograsso.com>
Date: Fri, 20 Sep 2024 17:38:41 +0200
Subject: [PATCH] update(events): disable
 PotentialLocalPrivilegeEscalationViaEnvironmentVariablesMisuse

Since it is not in the stable ruleset:
https://github.com/falcosecurity/rules/blob/b6ad37371923b28d4db399cf11bd4817f923c286/rules/falco-incubating_rules.yaml#L1263-L1276

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
---
 ..._privilege_escalation_via_environment_variables_misuse.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/events/syscall/potential_local_privilege_escalation_via_environment_variables_misuse.go b/events/syscall/potential_local_privilege_escalation_via_environment_variables_misuse.go
index e7d43781..9577acf4 100644
--- a/events/syscall/potential_local_privilege_escalation_via_environment_variables_misuse.go
+++ b/events/syscall/potential_local_privilege_escalation_via_environment_variables_misuse.go
@@ -26,7 +26,10 @@ import (
 	"github.com/falcosecurity/event-generator/events"
 )
 
-var _ = events.Register(PotentialLocalPrivilegeEscalationViaEnvironmentVariablesMisuse)
+var _ = events.Register(
+	PotentialLocalPrivilegeEscalationViaEnvironmentVariablesMisuse,
+	events.WithDisabled(), // this rules is not included in falco_rules.yaml (stable rules), so disable the action
+)
 
 func PotentialLocalPrivilegeEscalationViaEnvironmentVariablesMisuse(h events.Helper) error {
 	// Set the GLIBC_TUNABLES environment variable