mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2024-12-17 19:44:31 +00:00
Add exceptions for apache2, ChatGPT, and Discord among others
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
parent
12077261e7
commit
e487aac574
@ -103,7 +103,10 @@ WHERE pos.pid IN (
|
||||
AND p0.path LIKE '/var/folders/%/T/go-build%/b001/exe/main'
|
||||
)
|
||||
AND NOT (
|
||||
unsigned_exception = '500,6,32768,gvproxy,gvproxy'
|
||||
unsigned_exception IN (
|
||||
'500,6,32768,gvproxy,gvproxy',
|
||||
'500,17,123,gvproxy,gvproxy'
|
||||
)
|
||||
AND p0.path LIKE '/opt/homebrew/Cellar/podman/%/libexec/podman/gvproxy'
|
||||
)
|
||||
GROUP BY p0.cmdline
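Review bot: The widened `unsigned_exception IN (...)` list still relies on the `p0.path LIKE '/opt/homebrew/Cellar/podman/%/libexec/podman/gvproxy'` guard alone to tie an unsigned binary to podman. The Homebrew prefix is normally writable by the installing user, and SQLite's `%` also matches `/`, so any unsigned file named gvproxy anywhere under that tree is suppressed for both tuples. If the query exposes an ownership or hash column (the SELECT list is outside the hunk), consider adding it to this clause. The new tuple would also benefit from a comment; assuming the key is uid,protocol,port,name,name, something like `-- gvproxy: UDP/123 (NTP)` would do.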
|
||||
|
@ -82,7 +82,8 @@ WHERE (
|
||||
'~/.terraform',
|
||||
'~/.tflint.d',
|
||||
'~/.vs-kubernetes',
|
||||
'~/.krew'
|
||||
'~/.krew',
|
||||
'~/.fzf'
|
||||
)
|
||||
AND NOT top3_dir IN (
|
||||
'~/.arkade/bin',
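Review bot: `'~/.fzf'` exempts a whole user-writable directory tree, whereas the `top3_dir` list that follows uses narrower entries such as `'~/.arkade/bin'`. fzf's installer places its binary in `~/.fzf/bin`, so if the first list is the two-level exception list (its column name is above the hunk), adding `'~/.fzf/bin',` to the `top3_dir` list would cover the same case. That would leave the rest of the directory visible to the query.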
|
||||
|
@ -78,8 +78,10 @@ WHERE
|
||||
'/.mozilla/',
|
||||
'/tmp/.accounts-agent/',
|
||||
'/tmp/.audio-agent/',
|
||||
-- Xcode; see https://github.com/pyenv/pyenv/issues/1066#issuecomment-536782897
|
||||
'/tmp/.BBE72B41371180178E084EEAF106AED4F350939DB95D3516864A1CC62E7AE82',
|
||||
-- Xcode;
|
||||
-- see https://github.com/pyenv/pyenv/issues/1066#issuecomment-536782897
|
||||
-- and https://github.com/fyne-io/fyne-cross/issues/187#issuecomment-1666606946
|
||||
'/tmp/.BBE72B41371180178E084EEAF106AED4F350939DB95D3516864A1CC62E7AE82F',
|
||||
'/tmp/.bazelci/',
|
||||
'/tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress',
|
||||
'/tmp/.content-agent/',
|
||||
|
@ -85,6 +85,7 @@ WHERE -- Focus on longer-running programs
|
||||
AND exception_key NOT IN (
|
||||
'0,velociraptor,a.out,',
|
||||
'500,cloud_sql_proxy,a.out,',
|
||||
'500,docker,docker,',
|
||||
'500,sdzoomplugin,,',
|
||||
'500,sdaudioswitch,,',
|
||||
'500,gopls,a.out,',
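Review bot: The `'500,sdzoomplugin,,'` and `'500,sdaudioswitch,,'` keys end in empty fields, unlike neighbours such as `'500,gopls,a.out,'`; the page no longer shows which line is new. If the trailing fields are the signing identifier and authority (the key is built above the hunk), these entries match an unsigned program on user class and name alone. Any binary given that name would then be exempt. A path condition alongside the key, or a comment naming the product the entry belongs to, would make the exception easier to audit.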
|
||||
|
@ -183,6 +183,7 @@ WHERE
|
||||
'cron.com',
|
||||
'discord.com',
|
||||
'dl.discordapp.net',
|
||||
'dl2.discordapp.net',
|
||||
'dl.google.com',
|
||||
'duckduckgo.com',
|
||||
'dygma.com',
|
||||
@ -213,6 +214,7 @@ WHERE
|
||||
'obsidian.md',
|
||||
'obsproject.com',
|
||||
'opalcamera.com',
|
||||
'openai.com',
|
||||
'persistent.oaistatic.com',
|
||||
'portswigger-cdn.net',
|
||||
'posit.co',
|
||||
|
@ -175,6 +175,7 @@ WHERE
|
||||
'8009,6,0,java',
|
||||
'80,6,0,docker-proxy',
|
||||
'80,6,101,nginx',
|
||||
'80,6,0,apache2',
|
||||
'80,6,33,apache2',
|
||||
'80,6,60,nginx',
|
||||
'8080,6,0,coredns',
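Review bot: The apache2 keys `'80,6,0,apache2'` and `'80,6,33,apache2'` give no hint of what the third field means, and the key is built outside the hunk. If it is the uid, 33 is www-data on Debian and Ubuntu, and a comment such as `-- apache2: parent runs as root, workers as www-data (uid 33) on Debian/Ubuntu` would document both entries. In that case the uid-0 entry exempts a root-owned listener on port 80 by process name alone. It is worth confirming that the query also constrains the path elsewhere.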
|
||||
|