RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-18 02:17:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove sshd listener false positive

Browse Source
This commit is contained in:
Thomas Stromberg 2022-10-13 18:02:14 -04:00
parent 59dc85a931
commit 3562bc898e
Failed to extract signature
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
detection/evasion/ssh-notty.sql
View File

@ -8,4 +8,6 @@ SELECT * FROM (
)
WHERE INSTR(cmdline, '@notty') > 0
OR
INSTR(open_files, '/dev/ptmx') = 0;
(
open_files != "/dev/null" AND INSTR(open_files, '/dev/ptmx') = 0
)