RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-18 19:40:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add chattr, setenforce to unexpected-sysutils

Browse Source
This commit is contained in:
Thomas Stromberg 2023-02-14 20:35:24 -05:00
parent cf858d193d
commit 5eefbd0dba
Failed to extract signature
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
detection/execution/unexpected-sysutils-linux.sql
View File

@ -67,7 +67,13 @@ WHERE
AND pe.path IN (
'/usr/bin/sysctl',
'/sbin/sysctl',
'/usr/sbin/sysctl'
'/usr/sbin/sysctl',
'/usr/bin/chattr',
'/sbin/chattr',
'/usr/sbin/chattr',
'/usr/bin/setenforce',
'/sbin/setenforce',
'/usr/sbin/setenforce'
)
AND p.parent > 0
GROUP BY