osquery-defense-kit/incident_response/suid_bin.sql
2022-10-19 16:19:53 -04:00

9 lines
130 B
SQL

-- Retrieves setuid-enabled executables in well-known paths
--
-- platform: posix
-- tags: postmortem
SELECT
*
FROM
suid_bin;