[Rule tuning] Fix evasion for disable iptables rule #5

Merged
merged 4 commits into from
Jul 1, 2020

Conversation

phra
Contributor

@phra phra commented Jul 1, 2020

will fix #4

@cla-checker-service

cla-checker-service bot commented Jul 1, 2020

💚 CLA has been signed

@rw-access rw-access added v7.9.0 Rule: Tuning tweaking or tuning an existing rule labels Jul 1, 2020
@phra
Contributor Author

phra commented Jul 1, 2020

FYI I've signed the CLA just before opening the PR.. maybe the CLA bot is not updated yet. 😃

@rw-access
Contributor

I'm not 100% sure how the CLA bot works -- it already knows my GitHub account as an Elastic employee, so I'm kinda exempt. But doesn't hurt to double check the email/github user name you associated with it. And you can check your profile settings to make sure the account is linked: https://github.com/settings/emails

@phra
Contributor Author

phra commented Jul 1, 2020

@rw-access yep, I've inserted the correct GitHub username and email.

EDIT: now it's stating that it's signed. 👍

Collaborator

@brokensound77 brokensound77 left a comment

Nice addition @phra, this LGTM - can you also bump the updated_date?

@rw-access
Contributor

rw-access commented Jul 1, 2020

Great! I'm less familiar with these commands, so I added a few reviewers that are more familiar with the rule and the particular linux commands to double check the logic

@rw-access rw-access changed the title Update defense_evasion_attempt_to_disable_iptables_or_firewall.toml [Rule tuning] Fix evasion for disable iptables rule Jul 1, 2020
@phra
Contributor Author

phra commented Jul 1, 2020

@brokensound77 done!

@phra phra requested a review from brokensound77 July 1, 2020 18:00
Contributor

@rw-access rw-access left a comment

dived into the docs a quick bit, LGTM

Collaborator

@brokensound77 brokensound77 left a comment

👍

@rw-access rw-access merged commit 46a4008 into elastic:main Jul 1, 2020
@phra
Contributor Author

phra commented Jul 1, 2020

🥂

Labels
OS: Linux Rule: Tuning tweaking or tuning an existing rule v7.9.0
Development

Successfully merging this pull request may close these issues.

[Rule tuning] disable iptables rule can be bypassed
3 participants