Merge pull request #318 from tstromberg/vuln-no-verify
Simplify execution queries
This commit is contained in:
commit
715f37b25c
2
Makefile
2
Makefile
|
@ -23,7 +23,7 @@ out/odk-detection-evasion.conf: out/osqtool-$(ARCH) $(wildcard detection/evasion
|
||||||
./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-evasion.conf pack detection/evasion
|
./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-evasion.conf pack detection/evasion
|
||||||
|
|
||||||
out/odk-detection-execution.conf: out/osqtool-$(ARCH) $(wildcard detection/execution/*.sql)
|
out/odk-detection-execution.conf: out/osqtool-$(ARCH) $(wildcard detection/execution/*.sql)
|
||||||
./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-execution.conf pack detection/execution
|
./out/osqtool-$(ARCH) --max-query-duration=8s --verify -output out/odk-detection-execution.conf pack detection/execution
|
||||||
|
|
||||||
out/odk-detection-exfil.conf: out/osqtool-$(ARCH) $(wildcard detection/exfil/*.sql)
|
out/odk-detection-exfil.conf: out/osqtool-$(ARCH) $(wildcard detection/exfil/*.sql)
|
||||||
./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-exfil.conf pack detection/exfil
|
./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-exfil.conf pack detection/exfil
|
||||||
|
|
|
@ -103,9 +103,6 @@ WHERE
|
||||||
p0.cmdline LIKE '%UserKnownHostsFile=/dev/null%'
|
p0.cmdline LIKE '%UserKnownHostsFile=/dev/null%'
|
||||||
AND NOT p1.name = 'limactl'
|
AND NOT p1.name = 'limactl'
|
||||||
) -- Crypto miners
|
) -- Crypto miners
|
||||||
OR p0.cmdline LIKE '%c3pool%'
|
|
||||||
OR p0.cmdline LIKE '%cryptonight%'
|
|
||||||
OR p0.cmdline LIKE '%f2pool%'
|
|
||||||
OR p0.cmdline LIKE '%hashrate%'
|
OR p0.cmdline LIKE '%hashrate%'
|
||||||
OR p0.cmdline LIKE '%hashvault%'
|
OR p0.cmdline LIKE '%hashvault%'
|
||||||
OR p0.cmdline LIKE '%minerd%'
|
OR p0.cmdline LIKE '%minerd%'
|
||||||
|
|
Loading…
Reference in New Issue