Merge pull request #427 from tstromberg/nov19
suspicious systemd: accept any char instead of single quote
commit
d078e4a1ca
|
@ -226,7 +226,7 @@ rule usr_bin_execstop_shell : medium {
|
|||
$execstop = /ExecStop=\/bin\/sh .{0,64}/
|
||||
$not_podman_logging = "/usr/bin/podman $LOGGING"
|
||||
$not_stderr = /ExecStop=\/bin\/sh .{0,64}set -eu/
|
||||
$not_nfs = /ExecStop=\/bin\/sh -c \'\/usr\/sbin\/nfsdctl /
|
||||
$not_nfs = /ExecStop=\/bin\/sh -c .\/usr\/sbin\/nfsdctl /
|
||||
condition:
|
||||
filesize < 4096 and $execstop and none of ($not*)
|
||||
}
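Review bot: The new `$not_nfs` pattern uses `.` where the old one required a single quote, which widens an exclusion that already matches only the start of the command. Because the condition is `none of ($not*)`, any unit file under 4096 bytes that contains this prefix anywhere is skipped, regardless of what follows `nfsdctl ` or what other `ExecStop=/bin/sh` lines the file holds. If the goal is only to tolerate a different quoting style, a character class keeps the exception narrow: `$not_nfs = /ExecStop=\/bin\/sh -c ['"]\/usr\/sbin\/nfsdctl /`. It would also help to extend the pattern through the closing quote of the packaged command (copied from the real unit file) and to add a comment naming the unit this exception covers. The rule's `strings:` section starts above the hunk, so other exclusions may exist that are not visible here.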
|
||||