From 2dfc3860ef36677589a400dcec5754ff658bf5f8 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg <t+github@chainguard.dev>
Date: Thu, 3 Nov 2022 16:05:07 -0400
Subject: [PATCH] Add pavucontrol and snapd

---
 .../recently-created-executables-linux.sql    | 30 ++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/detection/execution/recently-created-executables-linux.sql b/detection/execution/recently-created-executables-linux.sql
index fb48c27..864a795 100644
--- a/detection/execution/recently-created-executables-linux.sql
+++ b/detection/execution/recently-created-executables-linux.sql
@@ -45,41 +45,43 @@ WHERE
     '/opt/google/chrome/chrome',
     '/opt/google/chrome/chrome_crashpad_handler',
     '/opt/google/chrome/nacl_helper',
-    '/usr/bin/containerd',
-    '/usr/bin/dockerd',
     '/usr/bin/bash',
-    '/usr/bin/gedit',
-    '/usr/bin/obs',
-    '/usr/bin/docker-proxy',
-    '/usr/lib/google-cloud-sdk/platform/bundledpythonunix/bin/python3',
-    '/usr/lib/snapd/snapd',
-    '/usr/bin/pipewire',
-    '/usr/bin/tailscaled',
-    '/usr/bin/rpi-imager',
-    '/usr/bin/udevadm',
     '/usr/bin/cargo',
+    '/usr/bin/containerd',
+    '/usr/bin/containerd-shim-runc-v2',
+    '/usr/bin/dockerd',
+    '/usr/bin/docker-proxy',
+    '/usr/bin/gedit',
+    '/usr/bin/gnome-keyring-daemon',
+    '/usr/bin/obs',
+    '/usr/bin/pavucontrol'
+    '/usr/bin/pipewire',
+    '/usr/bin/rpi-imager',
+    '/usr/bin/tailscaled',
+    '/usr/bin/udevadm',
     '/usr/lib/at-spi2-registryd',
     '/usr/lib/at-spi-bus-launcher',
     '/usr/libexec/docker/docker-proxy',
     '/usr/libexec/fwupd/fwupd',
+    '/usr/libexec/snapd/snapd',
     '/usr/libexec/sssd/sssd_kcm',
-    '/usr/bin/gnome-keyring-daemon',
     '/usr/lib/fwupd/fwupd',
     '/usr/lib/gdm',
     '/usr/lib/gdm-session-worker',
     '/usr/lib/gdm-x-session',
+    '/usr/lib/google-cloud-sdk/platform/bundledpythonunix/bin/python3',
+    '/usr/lib/polkit-1/polkitd',
     '/usr/lib/slack/chrome_crashpad_handler',
     '/usr/lib/slack/slack',
+    '/usr/lib/snapd/snapd',
     '/usr/lib/systemd/systemd',
     '/usr/lib/systemd/systemd-journald',
     '/usr/lib/systemd/systemd-logind',
-    '/usr/lib/polkit-1/polkitd',
     '/usr/lib/systemd/systemd-oomd',
     '/usr/lib/systemd/systemd-resolved',
     '/usr/lib/systemd/systemd-timesyncd',
     '/usr/lib/x86_64-linux-gnu/obs-plugins/obs-browser-page',
     '/usr/lib/xf86-video-intel-backlight-helper',
-    '/usr/bin/containerd-shim-runc-v2',
     '/usr/sbin/chronyd',
     '/usr/sbin/cupsd',
     '/usr/sbin/tailscaled'