Merge pull request #427 from tstromberg/nov19

suspicious systemd: accept any char instead of single quote
Thomas Strömberg 2024-11-19 16:12:21 -05:00 committed by GitHub
commit d078e4a1ca
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions


@ -226,7 +226,7 @@ rule usr_bin_execstop_shell : medium {
$execstop = /ExecStop=\/bin\/sh .{0,64}/
$not_podman_logging = "/usr/bin/podman $LOGGING"
$not_stderr = /ExecStop=\/bin\/sh .{0,64}set -eu/
$not_nfs = /ExecStop=\/bin\/sh -c \'\/usr\/sbin\/nfsdctl /
$not_nfs = /ExecStop=\/bin\/sh -c .\/usr\/sbin\/nfsdctl /
condition:
filesize < 4096 and $execstop and none of ($not*)
}
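Review bot: The `.` in the new `$not_nfs` pattern accepts any character before `/usr/sbin/nfsdctl`, not only a quote, so the exclusion is wider than the commit title's stated intent of tolerating a different quote style. Because the condition is `none of ($not*)`, a match on this string anywhere in the file suppresses the rule for the whole unit, so every widening of an exclusion is a potential missed detection. If the goal is to accept both quoting styles, a character class keeps it tight: `$not_nfs = /ExecStop=\/bin\/sh -c ['"]\/usr\/sbin\/nfsdctl /`. A one-line comment above the string naming the unit file it is meant to exempt would also help later reviewers. The rule's header and meta section start outside this hunk.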