From 35a74077fcb3434f39056bd239040c71a147e8e5 Mon Sep 17 00:00:00 2001
From: juju4
Date: Sat, 26 Oct 2024 22:17:47 +0000
Subject: [PATCH] fix: always_true macro needed for allowed_ssh_proxy_env
---
 templates/falco_rules.yaml.j2 | 4 ++--
 templates/falco_rules_w_exceptions.yaml.j2 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/templates/falco_rules.yaml.j2 b/templates/falco_rules.yaml.j2
index 98d0deb..99ab386 100644
--- a/templates/falco_rules.yaml.j2
+++ b/templates/falco_rules.yaml.j2
@@ -72,8 +72,8 @@
 # later you can customize, override the macros to something like
 # - macro: custom_procs
 # condition: (proc.name in (custom1, custom2, custom3))
-# - macro: always_true
-# condition: (evt.num>=0)
+- macro: always_true
+ condition: (evt.num>=0)

 # In some cases, such as dropped system call events, information about
 # the process name may be missing. For some rules that really depend
diff --git a/templates/falco_rules_w_exceptions.yaml.j2 b/templates/falco_rules_w_exceptions.yaml.j2
index e6e0d29..1fa19b7 100644
--- a/templates/falco_rules_w_exceptions.yaml.j2
+++ b/templates/falco_rules_w_exceptions.yaml.j2
@@ -72,8 +72,8 @@
 # later you can customize, override the macros to something like
 # - macro: custom_procs
 # condition: (proc.name in (custom1, custom2, custom3))
-# - macro: always_true
-# condition: (evt.num>=0)
+- macro: always_true
+ condition: (evt.num>=0)

 # In some cases, such as dropped system call events, information about
 # the process name may be missing. For some rules that really depend
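Review bot: The now-active `always_true` macro in templates/falco_rules.yaml.j2 has no comment and sits directly under a commented-out example block, so a reader can take it for another sample rather than a live definition. The identical hunk in templates/falco_rules_w_exceptions.yaml.j2 has the same gap. Since `(evt.num>=0)` matches every event, any allow-list macro that defaults to it (the commit title names `allowed_ssh_proxy_env`, whose definition is outside the hunk) presumably leaves a rule that negates it silent until the macro is overridden. I would add above the definition: `# Live definition, not an example: matches every event. Macros that default to always_true keep the rules negating them silent until overridden.`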