Commit Graph

433 Commits

Author SHA1 Message Date
Thomas Stromberg 018eb595c5
Add goa-daemon exception (sends telemetry to Google) 2022-11-17 10:17:45 -05:00
Thomas Strömberg 81f0f52bcb
Merge pull request #87 from tstromberg/more-alerts
Add exceptions for Microsoft teams, gcloud, qemu, ldconfig, fix go build paths
2022-11-17 07:21:30 -05:00
Thomas Stromberg eeeaeecda1
Add exceptions for Microsoft teams, ldconfig, fix go build paths 2022-11-17 07:20:19 -05:00
Thomas Strömberg 60d66a5e41
Merge pull request #86 from tstromberg/hidden-exec
Add hidden-executable rule
2022-11-16 20:56:14 -05:00
Thomas Stromberg 288ec9e0f5
Add hidden-executable rule 2022-11-16 20:55:49 -05:00
Thomas Strömberg f04f1cdf94
Merge pull request #85 from tstromberg/alert-cleanup
Begin making use of cgroup_paths, clear more false positives
2022-11-16 16:53:23 -05:00
Thomas Stromberg 9f63e3b21d
Begin making use of cgroup_paths, clear more false positives 2022-11-16 16:52:39 -05:00
Thomas Stromberg 205e45a934
Merge branch 'main' into alert-cleanup 2022-11-16 14:49:42 -05:00
Thomas Stromberg 3d7bc8363e
More false positive management 2022-11-16 14:49:36 -05:00
Thomas Strömberg e844869be8
Merge pull request #84 from tstromberg/alert-cleanup
Fedora 37, better touch logic (macOS) and other false-positive cleanup
2022-11-16 11:19:47 -05:00
Thomas Stromberg 18f17bbee8
Complete cleanup phase 1 2022-11-16 11:18:45 -05:00
Thomas Stromberg b8d66ae814
Allow -sP /usr/sbin/firewalld 2022-11-16 11:03:34 -05:00
Thomas Stromberg 8047c88374
Run 'make reformat' 2022-11-16 11:02:29 -05:00
Thomas Stromberg 5d1e64ecc1
Fix file.mode comparisons 2022-11-16 11:01:22 -05:00
Thomas Stromberg febf6cfebd
Remove newer access time check, add Sublime/Microsoft exclusion 2022-11-16 10:56:58 -05:00
Thomas Stromberg 2f30604c07
Allow Software Signing procs to be empty 2022-11-16 10:56:36 -05:00
Thomas Stromberg f78cca5844
Be more lenient about Software Signing processes 2022-11-16 10:54:23 -05:00
Thomas Stromberg 398cbde41f
Add more exceptions for local webhook development 2022-11-16 10:40:46 -05:00
Thomas Stromberg e8ee572311
Add exception for snap container mounts 2022-11-16 10:39:21 -05:00
Thomas Stromberg f36b74c487
Fix ko-app allowance 2022-11-16 10:38:22 -05:00
Thomas Stromberg 7527e11a3b
Add systemd-fsckd, blueman-mechanism 2022-11-16 10:37:38 -05:00
Thomas Strömberg fba85e03a5
Merge pull request #83 from tstromberg/more-flushing5
var executables: put quote marks around modes with leading zeros
2022-11-11 07:54:20 -05:00
Thomas Stromberg ac4a0b84df
var executables: put quote marks around modes with leading zeros 2022-11-11 07:53:45 -05:00
Thomas Strömberg 712e0ed183
Merge pull request #82 from tstromberg/more-flushing4
execdir: Add ~/go and ~/bin exceptions
2022-11-10 12:56:58 -05:00
Thomas Stromberg 4a9a967b47
execdir: Add ~/go and ~/bin exceptions 2022-11-10 12:55:09 -05:00
Thomas Strömberg d04234bea1
Merge pull request #81 from tstromberg/more-flushing4
https client: Add cargo running from homedir
2022-11-10 12:27:49 -05:00
Thomas Stromberg f7237c3641
https client: Add cargo running from homedir 2022-11-10 12:26:38 -05:00
Thomas Strömberg aef8d98452
Merge pull request #80 from tstromberg/more-flushing4
etc-executables: Add redhat-lsb back
2022-11-10 12:22:34 -05:00
Thomas Stromberg 875caaf64e
Add redhat-lsb back 2022-11-10 12:14:18 -05:00
Thomas Strömberg 325dad60d8
Merge pull request #79 from tstromberg/more-flushing4
even-timestomping: Accept strace-log-merge anywhere
2022-11-10 11:33:49 -05:00
Thomas Stromberg 32e3657221
Accept strace-log-merge anywhere 2022-11-10 11:31:37 -05:00
Thomas Strömberg 0b7475e37e
Merge pull request #78 from tstromberg/more-flushing4
Add /usr/local/lib/libmimalloc.so to allowed list of LD_PRELOAD
2022-11-10 11:22:21 -05:00
Thomas Stromberg 47bb017183
Add /usr/local/lib/libmimalloc.so to allowed list of LD_PRELOAD 2022-11-10 11:20:58 -05:00
Thomas Strömberg aa1717fcf4
Merge pull request #77 from tstromberg/more-flushing4
Address false positives: nginx-ingress-controller, dbus, etc
2022-11-10 11:05:52 -05:00
Thomas Stromberg f1a3354495
Address false positives: nginx-ingress-controller, dbus, etc 2022-11-10 11:04:48 -05:00
Thomas Strömberg 0bdba2b9e8
Merge pull request #76 from tstromberg/more-flushing3
tiny-executable-events: Add child hash & magic data, filter by regular
2022-11-09 09:14:30 -05:00
Thomas Stromberg 9b99b0f657
tiny-executable-events: Add child hash & magic data, filter by regular 2022-11-09 09:14:10 -05:00
Thomas Strömberg 0513cf159f
Merge pull request #75 from tstromberg/more-flushing2
Add exceptions for terraform, hugo, macOS updates
2022-11-08 14:33:24 -05:00
Thomas Stromberg c9605d1c98
Add exceptions for terraform, hugo, macOS updates 2022-11-08 14:32:38 -05:00
Thomas Strömberg 5457c7584a
Merge pull request #74 from tstromberg/more-flushing2
hidden-cwd: Make all of ~/.% an exclusion
2022-11-08 14:22:42 -05:00
Thomas Stromberg 748be4c251
Make all of ~/.% an exclusion 2022-11-08 14:22:12 -05:00
Thomas Strömberg 158ca1d899
Merge pull request #73 from tstromberg/more-flushing2
More exceptions: obs, ssh, gjs, spotify, etc.
2022-11-08 13:00:20 -05:00
Thomas Stromberg 3dec23370c
More exclusions 2022-11-08 12:59:11 -05:00
Thomas Strömberg adee8e2380
Merge pull request #72 from tstromberg/more-flushing
Refactor execdir, remove false positives
2022-11-07 20:37:29 -05:00
Thomas Stromberg f93a18d112
Refactor execdir, remove false positives 2022-11-07 20:36:37 -05:00
Thomas Strömberg b2d518f690
Merge pull request #71 from tstromberg/monday
Simplify macos-execdir, reduce false positives
2022-11-07 10:04:31 -05:00
Thomas Stromberg 213e29afcc
Simplify macos-execdir, reduce false positives 2022-11-07 10:03:43 -05:00
Thomas Strömberg 338a211b61
Merge pull request #70 from tstromberg/python-dir
macOS: Add exceptions for SUSE/rancher and DHCP servers
2022-11-04 19:05:01 -04:00
Thomas Stromberg cafe37af26
macOS: Add exceptions for SUSE/rancher and DHCP servers 2022-11-04 19:04:31 -04:00
Thomas Strömberg 969417d69c
Merge pull request #69 from tstromberg/python-dir
Allow more gcloud auth paths
2022-11-04 11:59:32 -04:00