From 063eb1691ca7912479ad871b9c00bc32e88f4c65 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Fri, 24 Feb 2023 17:47:07 -0500
Subject: [PATCH] Add privacy-aware version of the IR rules
---
 Makefile | 13 +++++++++----
 incident_response/running_apps_macos.sql | 2 +-
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 29b3e8e..5a79ba0 100644
--- a/Makefile
+++ b/Makefile
@@ -16,13 +16,18 @@ out/odk-policy.conf: out/osqtool-$(ARCH) $(wildcard policy/*.sql)
 mv out/.odk-policy.conf out/odk-policy.conf

 out/odk-incident-response.conf: out/osqtool-$(ARCH) $(wildcard incident_response/*.sql)
- ./out/osqtool-$(ARCH) --verify pack incident_response/ > out/.odk-incident_response.conf
- mv out/.odk-incident_response.conf out/odk-incident_response.conf
+ ./out/osqtool-$(ARCH) --verify pack incident_response/ > out/.odk-incident-response.conf
+ mv out/.odk-incident-response.conf out/odk-incident_response.conf

-packs: out/odk-detection.conf out/odk-policy.conf out/odk-incident-response.conf
+# A privacy-aware variation of IR rules
+out/odk-incident-response-privacy.conf: out/osqtool-$(ARCH) $(wildcard incident_response/*.sql)
+ ./out/osqtool-$(ARCH) --exclude-tags=disabled,disabled-privacy pack incident_response/ > out/.odk-incident-response-privacy.conf
+ mv out/.odk-incident-response-privacy.conf out/odk-incident-response-privacy.conf
+
+packs: out/odk-detection.conf out/odk-policy.conf out/odk-incident-response.conf out/odk-incident-response-privacy.conf

 out/odk-packs.zip: packs
- cd out && zip odk-packs.zip *.conf
+ cd out && rm -f .*.conf && zip odk-packs.zip *.conf

 .PHONY: reformat
 reformat:
diff --git a/incident_response/running_apps_macos.sql b/incident_response/running_apps_macos.sql
index 15de8f2..aa2c029 100644
--- a/incident_response/running_apps_macos.sql
+++ b/incident_response/running_apps_macos.sql
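Review bot: The `mv` in the `out/odk-incident-response.conf` recipe still moves the pack to `out/odk-incident_response.conf` (underscore), so the rule never creates its own hyphenated target. Make will therefore re-run osqtool on every build, and `zip odk-packs.zip *.conf` ships the full IR pack under the underscore name. Writing the destination as `$@`, i.e. `mv out/.odk-incident-response.conf $@`, keeps the recipe and the target in step. Because the zip recipe globs `*.conf` and only removes the dot-prefixed temporaries, any stale pack left in `out/` by an earlier build is archived as well; listing the four pack files explicitly would make the shipped set deterministic. The new privacy rule also omits `--verify`, unlike the rule above it; if that is intentional, a comment such as `# queries are verified by the non-privacy pack rule` would say so.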
@@ -1,6 +1,6 @@ -- Retrieves currently running applications -- --- tags: postmortem often +-- tags: postmortem disabled-privacy -- platform: darwin SELECT *