suspicious systemd: accept any char instead of single quote

This commit is contained in:
Thomas Stromberg 2024-11-19 16:09:38 -05:00
parent 8237521d0d
commit 4c4423a474
Failed to extract signature
1 changed files with 1 additions and 1 deletions

View File

@ -226,7 +226,7 @@ rule usr_bin_execstop_shell : medium {
$execstop = /ExecStop=\/bin\/sh .{0,64}/ $execstop = /ExecStop=\/bin\/sh .{0,64}/
$not_podman_logging = "/usr/bin/podman $LOGGING" $not_podman_logging = "/usr/bin/podman $LOGGING"
$not_stderr = /ExecStop=\/bin\/sh .{0,64}set -eu/ $not_stderr = /ExecStop=\/bin\/sh .{0,64}set -eu/
$not_nfs = /ExecStop=\/bin\/sh -c \'\/usr\/sbin\/nfsdctl / $not_nfs = /ExecStop=\/bin\/sh -c .\/usr\/sbin\/nfsdctl /
condition: condition:
filesize < 4096 and $execstop and none of ($not*) filesize < 4096 and $execstop and none of ($not*)
} }