RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
osquery-defense-kit/incident_response/authorized_keys.sql

10 lines
210 B
SQL
Raw Blame History

-- Retrieves all the currently installed authorized keys on a system
--
-- tags: postmortem
-- platform: posix
SELECT
authorized_keys.*
FROM
users
JOIN authorized_keys ON users.uid = authorized_keys.uid;
Reference in New Issue View Git Blame Copy Permalink