RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-08 06:19:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't mask directories, run on macOS

Browse Source
This commit is contained in:
Thomas Stromberg 2022-10-20 07:59:06 -04:00
parent e09e410407
commit a22ca1f2b0
Failed to extract signature
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
detection/evasion/unexpected-dev-entries.sql
View File

@ -7,7 +7,7 @@
-- * programs which have legimate uses for /dev/shm (Chrome, etc) -- * programs which have legimate uses for /dev/shm (Chrome, etc)
-- --
-- tags: persistent state filesystem -- tags: persistent state filesystem
-- platform: linux -- platform: posix
SELECT SELECT
file.path, file.path,
file.type, file.type,
@ -49,5 +49,4 @@ WHERE
AND file.path NOT LIKE '/dev/shm/libpod_rootless_lock_%' AND file.path NOT LIKE '/dev/shm/libpod_rootless_lock_%'
AND file.path NOT LIKE '%/../%' AND file.path NOT LIKE '%/../%'
AND file.path NOT LIKE '%/./%' AND file.path NOT LIKE '%/./%'
AND filename NOT IN ('..')
AND file.path NOT IN ('/dev/.mdadm/') AND file.path NOT IN ('/dev/.mdadm/')