mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2025-01-10 07:39:26 +00:00
Merge pull request #83 from tstromberg/more-flushing5
var executables: put quote marks around modes with leading zeros
This commit is contained in:
Thomas Strömberg
GitHub
commit
fba85e03a5
@ -95,11 +95,11 @@ WHERE
|
||||
file.path LIKE '/var/db/timezone/zoneinfo/%'
|
||||
AND magic.data LIKE 'timezone%'
|
||||
AND file.size < 3000
|
||||
AND file.mode = 0755
|
||||
AND file.mode = '0755'
|
||||
)
|
||||
-- JetBrains (Delve)
|
||||
AND NOT (
|
||||
file.path LIKE '/var/folders/%/%/T/dlvLauncher.sh'
|
||||
AND file.size < 1024
|
||||
AND file.mode = 0744
|
||||
AND file.mode = '0744'
|
||||
)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user