RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2024-12-15 02:24:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10 from chainguard-dev/talkers

Browse Source 
linux talkers: Add snap Slack and NixOS bash exception
This commit is contained in:
Thomas Strömberg 2022-10-20 13:44:25 -04:00 committed by GitHub
commit 31bd0a5558
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
detection/c2/unexpected-https-client-linux.sql
View File

@ -75,6 +75,7 @@ WHERE
'500,/opt/chrome,0u,0g,chrome',
'500,/opt/spotify,0u,0g,spotify',
'500,/snap/firefox,0u,0g,firefox',
'500,/snap/slack,0u,0g,slack',
'500,/usr/chrome,0u,0g,chrome',
'500,/usr/code,0u,0g,code',
'500,/usr/curl,0u,0g,curl',
@ -88,5 +89,8 @@ WHERE
'500,/usr/slack,0u,0g,slack',
'500,/usr/syncthing,0u,0g,syncthing'
)
-- stay weird, NixOS (Fastly nix mirror)
AND NOT child_cmd = '/run/current-system/sw/bin/bash'
GROUP BY
p.cmdline