mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2024-12-17 19:44:31 +00:00
FPR: containerd, cupsd, etc
parent
c5b507a230
commit
7219f64571
@ -83,6 +83,7 @@ WHERE protocol > 0
|
||||
)
|
||||
AND NOT exception_key IN (
|
||||
'123,17,500,chronyd,0u,0g,chronyd',
|
||||
'123,17,473,chronyd,0u,0g,chronyd',
|
||||
'19305,6,500,msedge,0u,0g,msedge',
|
||||
'4070,6,500,spotify,u,g,spotify',
|
||||
'49152,6,500,ContinuityCaptureAgent,Software Signing',
|
||||
|
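Review bot: The chronyd exceptions in this list (`'123,17,500,chronyd,0u,0g,chronyd'` and `'123,17,473,chronyd,0u,0g,chronyd'`) appear to identify the program only by its process name, with no binary path or signature field visible in the key. If that reading of the key is right, any process that names itself chronyd and talks to port 123 over protocol 17 would be excluded from this detection. The two entries differ only in the third field (500 vs 473), which looks like a host-specific numeric id, so a short SQL comment above the pair naming where 473 was observed would help later reviewers decide whether the entry is still needed. The `exception_key` expression is defined outside this hunk, so the field meanings are inferred from the values.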
@ -114,6 +114,7 @@ WHERE
|
||||
'containerd-shim,/usr/bin/containerd-shim-runc-v2,0,system.slice,docker.service,0755',
|
||||
'containerd,/usr/bin/containerd,0,system.slice,containerd.service,0755',
|
||||
'containerd,/usr/bin/containerd,0,system.slice,docker.service,0755',
|
||||
'containerd,/usr/sbin/containerd,0,system.slice,docker.service,0755',
|
||||
'crond,/usr/bin/crond,0,system.slice,cronie.service,0755',
|
||||
'crond,/usr/sbin/crond,0,system.slice,crond.service,0755',
|
||||
'cron,/usr/sbin/cron,0,system.slice,cron.service,0755',
|
||||
@ -122,6 +123,7 @@ WHERE
|
||||
'cupsd,/usr/bin/cupsd,0,system.slice,cups.service,0700',
|
||||
'cupsd,/usr/sbin/cupsd,0,system.slice,cups.service,0755',
|
||||
'cupsd,/usr/sbin/cupsd,0,system.slice,system-cups.slice,0755',
|
||||
'cupsd,/usr/sbin/cupsd,0,system.slice,system-cups.slice,0700',
|
||||
'dbus-daemon,/usr/bin/dbus-daemon,0,user.slice,user-1000.slice,0755',
|
||||
'dbus-launch,/usr/bin/dbus-launch,0,user.slice,user-1000.slice,0755',
|
||||
'dconf-service,/usr/libexec/dconf-service,0,user.slice,user-1000.slice,0755',
|
||||
@ -165,6 +167,7 @@ WHERE
|
||||
'gdm-session-wor,/usr/lib/gdm-session-worker,0,user.slice,user-120.slice,0755',
|
||||
'gdm,/usr/bin/gdm,0,system.slice,gdm.service,0755',
|
||||
'gdm,/usr/sbin/gdm,0,system.slice,gdm.service,0755',
|
||||
'gdm,/usr/sbin/gdm,0,system.slice,display-manager.service,0755'
|
||||
'geoclue.service,Location Lookup Service,geoclue,500',
|
||||
'gnome-keyring-d,/usr/bin/gnome-keyring-daemon,0,user.slice,user-1000.slice,0755',
|
||||
'gpg-agent,/usr/bin/gpg-agent,0,system.slice,fwupd.service,0755',
|
||||
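Review bot: The entry `'gdm,/usr/sbin/gdm,0,system.slice,display-manager.service,0755'` has no trailing comma, so it runs straight into the `'geoclue.service,Location Lookup Service,geoclue,500',` literal on the next line. Depending on how the SQL parser treats two adjacent string literals, this is either a syntax error that stops the query from running at all or a merge that leaves neither exception matching; in both cases the detection is degraded without an obvious signal. Add the comma: `'gdm,/usr/sbin/gdm,0,system.slice,display-manager.service,0755',`. The +/- markers are lost on this page, so it is an inference that this is the line the commit adds; the exception list itself starts and ends outside the hunk.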
@ -260,6 +263,7 @@ WHERE
|
||||
'pwrstatd,/usr/sbin/pwrstatd,0,system.slice,pwrstatd.service,0700',
|
||||
'python3,/usr/bin/python__VERSION__,0,system.slice,ubuntu-advantage.service,0755',
|
||||
'qualys-cloud-ag,/usr/local/qualys/cloud-agent/bin/qualys-cloud-agent,0,system.slice,qualys-cloud-agent.service,0700',
|
||||
'qemu-ga,/usr/bin/qemu-ga,0,system.slice,qemu-guest-agent.service,0755',
|
||||
'rapid7_endpoint,/opt/rapid7/ir_agent/components/endpoint_broker/__VERSION__/rapid7_endpoint_broker,0,system.slice,ir_agent.service,0744',
|
||||
'rsyslogd,/usr/sbin/rsyslogd,0,system.slice,rsyslog.service,0755',
|
||||
'run-cups-browse,/usr/bin/dash,0,system.slice,snap.cups.cups-browsed.service,0755',
|
||||
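Review bot: Several exceptions in this hunk and in the last hunk name a generic interpreter as the binary path (`/usr/bin/python__VERSION__`, `/usr/bin/dash`, `/usr/bin/perl`), so the path field carries no information about which script is running. For those rows the match appears to rest on the process name and the systemd unit alone, which is a weaker guarantee than the rows that pin a dedicated daemon binary. A one-line SQL comment above each such entry, for example `-- interpreter-hosted: path is the interpreter, match relies on name + unit`, would make that trade-off visible to whoever next prunes the list. The column layout of the key is inferred from the values, since the expression that builds it is outside the hunk.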
@ -328,6 +332,7 @@ WHERE
|
||||
'unattended-upgr,/usr/bin/python3.9,0,system.slice,unattended-upgrades.service,0755',
|
||||
'unattended-upgr,/usr/bin/python__VERSION__,0,system.slice,unattended-upgrades.service,0755',
|
||||
'upowerd,/usr/libexec/upowerd,0,system.slice,upower.service,0755',
|
||||
'upowerd,/usr/libexec/upower/upowerd,0,system.slice,upower.service,0755',
|
||||
'upowerd,/usr/lib/upowerd,0,system.slice,upower.service,0755',
|
||||
'uresourced,/usr/libexec/uresourced,0,system.slice,uresourced.service,0755',
|
||||
'/usr/bin/monito,/usr/bin/perl,0,system.slice,monitorix.service,0755',
|
||||
|