Commit Graph

244 Commits

Author SHA1 Message Date
Thomas Stromberg
8281a825db
Add dnf with python 3.11 2022-11-22 16:29:52 -05:00
Thomas Stromberg
a134827165
Add gdm-session-wor 2022-11-22 09:24:03 -05:00
Thomas Stromberg
6a7c4b6668
Pre-Thanksgiving False Positive cleanup, including Pop!OS support 2022-11-22 09:21:03 -05:00
Thomas Stromberg
8e3d6a1614
False positives: melange, ~/dev, debian-sa1, AdBlock, cover, kubelr, etc 2022-11-18 10:27:43 -05:00
Thomas Stromberg
85fdfaaa62
empty-environ: only check root pids to reduce false-positives 2022-11-18 09:32:00 -05:00
Thomas Stromberg
018eb595c5
Add goa-daemon exception (sends telemetry to Google) 2022-11-17 10:17:45 -05:00
Thomas Stromberg
eeeaeecda1
Add exceptions for Microsoft teams, ldconfig, fix go build paths 2022-11-17 07:20:19 -05:00
Thomas Strömberg
60d66a5e41
Merge pull request #86 from tstromberg/hidden-exec
Add hidden-executable rule
2022-11-16 20:56:14 -05:00
Thomas Stromberg
288ec9e0f5
Add hidden-executable rule 2022-11-16 20:55:49 -05:00
Thomas Stromberg
9f63e3b21d
Begin making use of cgroup_paths, clear more false positives 2022-11-16 16:52:39 -05:00
Thomas Stromberg
3d7bc8363e
More false positive management 2022-11-16 14:49:36 -05:00
Thomas Stromberg
18f17bbee8
Complete cleanup phase 1 2022-11-16 11:18:45 -05:00
Thomas Stromberg
b8d66ae814
Allow -sP /usr/sbin/firewalld 2022-11-16 11:03:34 -05:00
Thomas Stromberg
8047c88374
Run 'make reformat' 2022-11-16 11:02:29 -05:00
Thomas Stromberg
5d1e64ecc1
Fix file.mode comparisons 2022-11-16 11:01:22 -05:00
Thomas Stromberg
febf6cfebd
Remove newer access time check, add Sublime/Microsoft exclusion 2022-11-16 10:56:58 -05:00
Thomas Stromberg
2f30604c07
Allow Software Signing procs to be empty 2022-11-16 10:56:36 -05:00
Thomas Stromberg
f78cca5844
Be more lenient about Software Signing processes 2022-11-16 10:54:23 -05:00
Thomas Stromberg
398cbde41f
Add more exceptions for local webhook development 2022-11-16 10:40:46 -05:00
Thomas Stromberg
e8ee572311
Add exception for snap container mounts 2022-11-16 10:39:21 -05:00
Thomas Stromberg
f36b74c487
Fix ko-app allowance 2022-11-16 10:38:22 -05:00
Thomas Stromberg
7527e11a3b
Add systemd-fsckd, blueman-mechanism 2022-11-16 10:37:38 -05:00
Thomas Stromberg
ac4a0b84df
var executables: put quote marks around modes with leading zeros 2022-11-11 07:53:45 -05:00
Thomas Stromberg
4a9a967b47
execdir: Add ~/go and ~/bin exceptions 2022-11-10 12:55:09 -05:00
Thomas Stromberg
f7237c3641
https client: Add cargo running from homedir 2022-11-10 12:26:38 -05:00
Thomas Stromberg
875caaf64e
Add redhat-lsb back 2022-11-10 12:14:18 -05:00
Thomas Stromberg
32e3657221
Accept strace-log-merge anywhere 2022-11-10 11:31:37 -05:00
Thomas Stromberg
47bb017183
Add /usr/local/lib/libmimalloc.so to allowed list of LD_PRELOAD 2022-11-10 11:20:58 -05:00
Thomas Stromberg
f1a3354495
Address false positives: nginx-ingress-controller, dbus, etc 2022-11-10 11:04:48 -05:00
Thomas Stromberg
9b99b0f657
tiny-executable-events: Add child hash & magic data, filter by regular 2022-11-09 09:14:10 -05:00
Thomas Stromberg
c9605d1c98
Add exceptions for terraform, hugo, macOS updates 2022-11-08 14:32:38 -05:00
Thomas Stromberg
748be4c251
Make all of ~/.% an exclusion 2022-11-08 14:22:12 -05:00
Thomas Stromberg
3dec23370c
More exclusions 2022-11-08 12:59:11 -05:00
Thomas Stromberg
f93a18d112
Refactor execdir, remove false positives 2022-11-07 20:36:37 -05:00
Thomas Stromberg
213e29afcc
Simplify macos-execdir, reduce false positives 2022-11-07 10:03:43 -05:00
Thomas Stromberg
cafe37af26
macOS: Add exceptions for SUSE/rancher and DHCP servers 2022-11-04 19:04:31 -04:00
Thomas Stromberg
0e4f49ce78
Allow more gcloud auth paths 2022-11-04 11:57:47 -04:00
Thomas Stromberg
4bf5be2960
Add exception for Wireshark usbmon 2022-11-04 11:52:52 -04:00
Thomas Stromberg
8f873cfd85
Add exception for Tailscale MagicDNS 2022-11-04 11:52:39 -04:00
Thomas Stromberg
8931530901
Populate the initial set of exceptions 2022-11-04 11:52:24 -04:00
Thomas Stromberg
a544ab1f7e
Add exception for vs-kubernetes, add child hash, fix time interval 2022-11-04 10:32:45 -04:00
Thomas Stromberg
87f727fc36
Add Python exception (signed by Ned Deily) 2022-11-04 10:22:35 -04:00
Thomas Stromberg
180efa23e0
Add karabiner_session_monitor exception 2022-11-04 09:57:41 -04:00
Thomas Stromberg
8de176d191
recently-created-executables: add missing comma 2022-11-04 09:12:38 -04:00
Thomas Strömberg
4aa32afc0d
Merge pull request #63 from tstromberg/hidden-home
Add detections for hidden home configuration directories
2022-11-04 08:54:34 -04:00
Thomas Stromberg
d9fd2e9d7c
Add detections for hidden home Library directories 2022-11-04 08:51:17 -04:00
Thomas Stromberg
91f0d3e283
Add detections for hidden home configuration directories 2022-11-04 08:50:34 -04:00
Thomas Stromberg
b3fdde9ed7
Add PlayTo for Chromecast 2022-11-04 08:11:33 -04:00
Thomas Stromberg
a29ca8bc2c
jetbrains-toolbox can be owned by anyone 2022-11-04 08:08:43 -04:00
Thomas Stromberg
1790e7b114
Add spotify exception 2022-11-04 08:08:26 -04:00