Merge pull request #318 from tstromberg/vuln-no-verify

Simplify execution queries
This commit is contained in:
Thomas Strömberg 2023-09-20 18:25:41 -04:00 committed by GitHub
commit 715f37b25c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 1 additions and 4 deletions

View File

@ -23,7 +23,7 @@ out/odk-detection-evasion.conf: out/osqtool-$(ARCH) $(wildcard detection/evasion
./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-evasion.conf pack detection/evasion ./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-evasion.conf pack detection/evasion
out/odk-detection-execution.conf: out/osqtool-$(ARCH) $(wildcard detection/execution/*.sql) out/odk-detection-execution.conf: out/osqtool-$(ARCH) $(wildcard detection/execution/*.sql)
./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-execution.conf pack detection/execution ./out/osqtool-$(ARCH) --max-query-duration=8s --verify -output out/odk-detection-execution.conf pack detection/execution
out/odk-detection-exfil.conf: out/osqtool-$(ARCH) $(wildcard detection/exfil/*.sql) out/odk-detection-exfil.conf: out/osqtool-$(ARCH) $(wildcard detection/exfil/*.sql)
./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-exfil.conf pack detection/exfil ./out/osqtool-$(ARCH) --max-query-duration=4s --verify -output out/odk-detection-exfil.conf pack detection/exfil

View File

@ -103,9 +103,6 @@ WHERE
p0.cmdline LIKE '%UserKnownHostsFile=/dev/null%' p0.cmdline LIKE '%UserKnownHostsFile=/dev/null%'
AND NOT p1.name = 'limactl' AND NOT p1.name = 'limactl'
) -- Crypto miners ) -- Crypto miners
OR p0.cmdline LIKE '%c3pool%'
OR p0.cmdline LIKE '%cryptonight%'
OR p0.cmdline LIKE '%f2pool%'
OR p0.cmdline LIKE '%hashrate%' OR p0.cmdline LIKE '%hashrate%'
OR p0.cmdline LIKE '%hashvault%' OR p0.cmdline LIKE '%hashvault%'
OR p0.cmdline LIKE '%minerd%' OR p0.cmdline LIKE '%minerd%'