diff --git a/detection/execution/unexpected-sysutils-linux.sql b/detection/execution/unexpected-sysutils-linux.sql
index 8c1c687..ca390b6 100644
--- a/detection/execution/unexpected-sysutils-linux.sql
+++ b/detection/execution/unexpected-sysutils-linux.sql
@@ -67,7 +67,13 @@ WHERE
 AND pe.path IN (
 '/usr/bin/sysctl',
 '/sbin/sysctl',
- '/usr/sbin/sysctl'
+ '/usr/sbin/sysctl',
+ '/usr/bin/chattr',
+ '/sbin/chattr',
+ '/usr/sbin/chattr',
+ '/usr/bin/setenforce',
+ '/sbin/setenforce',
+ '/usr/sbin/setenforce'
 )
 AND p.parent > 0
 GROUP BY
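Review bot: The six new entries in the `pe.path IN (...)` list repeat the `/usr/bin`, `/sbin`, `/usr/sbin` triple used for sysctl but leave out `/bin`. Whether `/bin/chattr` or `/bin/setenforce` would be matched depends on whether `pe.path` holds the resolved path or the path as invoked, which the hunk does not show; if it is the invoked path, add `'/bin/chattr',` and `'/bin/setenforce',`. The list also gives no reason for watching these two tools, so a short comment above each group would help whoever triages the alert, for example `-- chattr: file attribute changes such as the immutable flag` and `-- setenforce: switches SELinux enforcement mode`. The WHERE clause starts and ends outside this hunk, so any exceptions for expected parent processes are not visible here; confirm that legitimate callers of both tools are covered, otherwise the rule is likely to be noisy.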