RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-07 13:59:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Accept strace-log-merge anywhere

Browse Source
This commit is contained in:
Thomas Stromberg 2022-11-10 11:31:37 -05:00
parent 47bb017183
commit 32e3657221
Failed to extract signature
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
detection/impact/evenly-timestomped.sql
View File

@ -38,13 +38,11 @@ WHERE
OR mod_time LIKE "% 00:00:00"
)
-- false positives
AND file.path NOT IN (
'/etc/master.passwd',
'/usr/share/doc/strace/NEWS',
'/bin/strace-log-merge',
'/etc/printcap',
'/usr/bin/strace-log-merge',
'/bin/X11/strace-log-merge'
AND filename NOT IN (
'master.passwd',
'NEWS',
'printcap',
'strace-log-merge'
)
AND file.path NOT LIKE '%/lynis%'
AND file.path NOT LIKE '%/yelp-xsl%'