Exclude for zgrep instead of just grep
Co-authored-by: dav3r <david.redmin@gwe.cisa.dhs.gov>
2 people authored and mcdonnnj committed Nov 1, 2023
1 parent 754450b commit 0efbc6c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion extras/ioc_scan_by_host.sh
@@ -59,7 +59,7 @@ for instance_id in "${instances[@]}"; do
# command (e.g. sudo.log).
aws ssm start-session --target="$instance_id" \
--document=AWS-StartInteractiveCommand \
--parameters="command='hostname; for i in ${iocList[*]}; do sudo find /var/log -type f -not -name \*\.journal -exec zgrep --ignore-case \$i {} \; | grep --invert-match -- grep\ --ignore-case | echo \$(wc --lines) found for \$i; done'"
--parameters="command='hostname; for i in ${iocList[*]}; do sudo find /var/log -type f -not -name \*\.journal -exec zgrep --ignore-case \$i {} \; | grep --invert-match -- zgrep\ --ignore-case | echo \$(wc --lines) found for \$i; done'"

echo Search of "$instance_id" is complete.
done
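Review bot: the exclusion on the added line is still a plain substring match, so `grep --invert-match -- zgrep\ --ignore-case` drops every log line that contains `zgrep --ignore-case`, not only the sudo.log record of this scan, and a genuine IOC hit on a line that also mentions the scan is silently discarded before `wc --lines` counts it. Narrowing the pattern from `grep --ignore-case` to `zgrep --ignore-case` does not change that for the zgrep lines (the old pattern already matched them as a substring); it only stops hiding unrelated lines that mention a bare `grep --ignore-case`. If the intent is to hide just the scan's own sudo.log entry, match something specific to that invocation, for example the `find /var/log -type f` prefix together with the zgrep string, or exclude sudo.log itself from the `find`. Two related points on the same line: `$i` reaches zgrep unquoted and as a basic regular expression, so an IOC containing whitespace is split into several patterns and a dot in a domain or IP address matches any character; `zgrep --ignore-case --fixed-strings -- "$i"` (with the quoting adjusted for the single-quoted `command=` string) avoids both. And because `-exec zgrep ... {} \;` runs zgrep on one file at a time, no filename is printed, so the `found for $i` count gives no indication of which file under /var/log matched; adding `--with-filename` to the zgrep call keeps that information in the output.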
