RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-10 15:49:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #43 from tstromberg/bwrap-empty

Browse Source 
empty environ: add exception for bwrap
This commit is contained in:
Thomas Strömberg 2022-10-29 11:53:46 -04:00 committed by GitHub
commit 0c0a38df44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
detection/evasion/empty_environ_linux.sql
View File

@ -27,7 +27,10 @@ WHERE -- This time should match the interval
AND p.start_time < (strftime('%s', 'now') - 5)
-- This pattern is common with kthreadd processes
AND p.parent != 2
AND p.path != '/usr/bin/gpg-agent'
AND p.path NOT IN (
'/usr/bin/gpg-agent',
'/usr/bin/bwrap'
)
GROUP BY
p.pid
HAVING