Commit Graph

427 Commits

Author SHA1 Message Date
Thomas Stromberg
9f63e3b21d
Begin making use of cgroup_paths, clear more false positives 2022-11-16 16:52:39 -05:00
Thomas Stromberg
205e45a934
Merge branch 'main' into alert-cleanup 2022-11-16 14:49:42 -05:00
Thomas Stromberg
3d7bc8363e
More false positive management 2022-11-16 14:49:36 -05:00
Thomas Strömberg
e844869be8
Merge pull request #84 from tstromberg/alert-cleanup
Fedora 37, better touch logic (macOS) and other false-positive cleanup
2022-11-16 11:19:47 -05:00
Thomas Stromberg
18f17bbee8
Complete cleanup phase 1 2022-11-16 11:18:45 -05:00
Thomas Stromberg
b8d66ae814
Allow -sP /usr/sbin/firewalld 2022-11-16 11:03:34 -05:00
Thomas Stromberg
8047c88374
Run 'make reformat' 2022-11-16 11:02:29 -05:00
Thomas Stromberg
5d1e64ecc1
Fix file.mode comparisons 2022-11-16 11:01:22 -05:00
Thomas Stromberg
febf6cfebd
Remove newer access time check, add Sublime/Microsoft exclusion 2022-11-16 10:56:58 -05:00
Thomas Stromberg
2f30604c07
Allow Software Signing procs to be empty 2022-11-16 10:56:36 -05:00
Thomas Stromberg
f78cca5844
Be more lenient about Software Signing processes 2022-11-16 10:54:23 -05:00
Thomas Stromberg
398cbde41f
Add more exceptions for local webhook development 2022-11-16 10:40:46 -05:00
Thomas Stromberg
e8ee572311
Add exception for snap container mounts 2022-11-16 10:39:21 -05:00
Thomas Stromberg
f36b74c487
Fix ko-app allowance 2022-11-16 10:38:22 -05:00
Thomas Stromberg
7527e11a3b
Add systemd-fsckd, blueman-mechanism 2022-11-16 10:37:38 -05:00
Thomas Strömberg
fba85e03a5
Merge pull request #83 from tstromberg/more-flushing5
var executables: put quote marks around modes with leading zeros
2022-11-11 07:54:20 -05:00
Thomas Stromberg
ac4a0b84df
var executables: put quote marks around modes with leading zeros 2022-11-11 07:53:45 -05:00
Thomas Strömberg
712e0ed183
Merge pull request #82 from tstromberg/more-flushing4
execdir: Add ~/go and ~/bin exceptions
2022-11-10 12:56:58 -05:00
Thomas Stromberg
4a9a967b47
execdir: Add ~/go and ~/bin exceptions 2022-11-10 12:55:09 -05:00
Thomas Strömberg
d04234bea1
Merge pull request #81 from tstromberg/more-flushing4
https client: Add cargo running from homedir
2022-11-10 12:27:49 -05:00
Thomas Stromberg
f7237c3641
https client: Add cargo running from homedir 2022-11-10 12:26:38 -05:00
Thomas Strömberg
aef8d98452
Merge pull request #80 from tstromberg/more-flushing4
etc-executables: Add redhat-lsb back
2022-11-10 12:22:34 -05:00
Thomas Stromberg
875caaf64e
Add redhat-lsb back 2022-11-10 12:14:18 -05:00
Thomas Strömberg
325dad60d8
Merge pull request #79 from tstromberg/more-flushing4
even-timestomping: Accept strace-log-merge anywhere
2022-11-10 11:33:49 -05:00
Thomas Stromberg
32e3657221
Accept strace-log-merge anywhere 2022-11-10 11:31:37 -05:00
Thomas Strömberg
0b7475e37e
Merge pull request #78 from tstromberg/more-flushing4
Add /usr/local/lib/libmimalloc.so to allowed list of LD_PRELOAD
2022-11-10 11:22:21 -05:00
Thomas Stromberg
47bb017183
Add /usr/local/lib/libmimalloc.so to allowed list of LD_PRELOAD 2022-11-10 11:20:58 -05:00
Thomas Strömberg
aa1717fcf4
Merge pull request #77 from tstromberg/more-flushing4
Address false positives: nginx-ingress-controller, dbus, etc
2022-11-10 11:05:52 -05:00
Thomas Stromberg
f1a3354495
Address false positives: nginx-ingress-controller, dbus, etc 2022-11-10 11:04:48 -05:00
Thomas Strömberg
0bdba2b9e8
Merge pull request #76 from tstromberg/more-flushing3
tiny-executable-events: Add child hash & magic data, filter by regular
2022-11-09 09:14:30 -05:00
Thomas Stromberg
9b99b0f657
tiny-executable-events: Add child hash & magic data, filter by regular 2022-11-09 09:14:10 -05:00
Thomas Strömberg
0513cf159f
Merge pull request #75 from tstromberg/more-flushing2
Add exceptions for terraform, hugo, macOS updates
2022-11-08 14:33:24 -05:00
Thomas Stromberg
c9605d1c98
Add exceptions for terraform, hugo, macOS updates 2022-11-08 14:32:38 -05:00
Thomas Strömberg
5457c7584a
Merge pull request #74 from tstromberg/more-flushing2
hidden-cwd: Make all of ~/.% an exclusion
2022-11-08 14:22:42 -05:00
Thomas Stromberg
748be4c251
Make all of ~/.% an exclusion 2022-11-08 14:22:12 -05:00
Thomas Strömberg
158ca1d899
Merge pull request #73 from tstromberg/more-flushing2
More exceptions: obs, ssh, gjs, spotify, etc.
2022-11-08 13:00:20 -05:00
Thomas Stromberg
3dec23370c
More exclusions 2022-11-08 12:59:11 -05:00
Thomas Strömberg
adee8e2380
Merge pull request #72 from tstromberg/more-flushing
Refactor execdir, remove false positives
2022-11-07 20:37:29 -05:00
Thomas Stromberg
f93a18d112
Refactor execdir, remove false positives 2022-11-07 20:36:37 -05:00
Thomas Strömberg
b2d518f690
Merge pull request #71 from tstromberg/monday
Simplify macos-execdir, reduce false positives
2022-11-07 10:04:31 -05:00
Thomas Stromberg
213e29afcc
Simplify macos-execdir, reduce false positives 2022-11-07 10:03:43 -05:00
Thomas Strömberg
338a211b61
Merge pull request #70 from tstromberg/python-dir
macOS: Add exceptions for SUSE/rancher and DHCP servers
2022-11-04 19:05:01 -04:00
Thomas Stromberg
cafe37af26
macOS: Add exceptions for SUSE/rancher and DHCP servers 2022-11-04 19:04:31 -04:00
Thomas Strömberg
969417d69c
Merge pull request #69 from tstromberg/python-dir
Allow more gcloud auth paths
2022-11-04 11:59:32 -04:00
Thomas Stromberg
0e4f49ce78
Allow more gcloud auth paths 2022-11-04 11:57:47 -04:00
Thomas Strömberg
34dda2bf89
Merge pull request #68 from tstromberg/python-dir
Add initial Library exceptions, also Tailscale MagicDNS & Wireshark USBmon
2022-11-04 11:54:02 -04:00
Thomas Stromberg
4bf5be2960
Add exception for Wireshark usbmon 2022-11-04 11:52:52 -04:00
Thomas Stromberg
8f873cfd85
Add exception for Tailscale MagicDNS 2022-11-04 11:52:39 -04:00
Thomas Stromberg
8931530901
Populate the initial set of exceptions 2022-11-04 11:52:24 -04:00
Thomas Strömberg
9d63c81851
Merge pull request #67 from tstromberg/python-dir
execdir-macos: Add exception for vs-kubernetes, add child hash, fix time interval
2022-11-04 10:33:40 -04:00