Rule updates vdec2 #315

Merged
merged 21 commits into from
Jan 18, 2018

Commits on Jan 18, 2018

  1. Additional rpm writers, root directories

    salt-minion can also touch the rpm database, and some node packages
    write below /root/.config/configstore.
    mstemm committed Jan 18, 2018
    80f452b
  2. Add smbd as a protected shell spawner.

    It's a server-like program.
    mstemm committed Jan 18, 2018
    5ae4c31
  3. Also handle .ash_history

    default shell for alpine linux
    mstemm committed Jan 18, 2018
    d050b09
  4. Add exceptions for veritas

    Let many veritas programs write below /etc/vx.
    
    Let one veritas-related perl script read sensitive files.
    mstemm committed Jan 18, 2018
    73da281
  5. Allow postgres to run wal-e

    https://github.com/wal-e/wal-e, archiving program for postgres.
    mstemm committed Jan 18, 2018
    10a9e34
  6. Let consul (agent) run addl scripts

    Also let consul (agent, but the distinction is in the command line args)
    run nc in addition to curl. Also rename the macro.
    mstemm committed Jan 18, 2018
    d708708
  7. Let postgres setuid to itself

    Let postgres setuid to itself. Seen by archiving programs like wal-e.
    mstemm committed Jan 18, 2018
    759d348
  8. Also allow consul to run alert check scripts

    "sh -c /bin/consul-alerts watch checks --alert-addr 0.0.0.0:9000 ..."
    mstemm committed Jan 18, 2018
    9b77603
  9. Add additional privileged containers.

    Openshift's logging support containers generally run privileged.
    mstemm committed Jan 18, 2018
    7e8e7e8
  10. Let addl progs write below /etc/lvm

    Add lvcreate as a program that can write below /etc/lvm and rename the
    macro to lvprogs_writing_lvm_archive.
    mstemm committed Jan 18, 2018
    ea23498
  11. Let glide write below root

    https://glide.sh/, package management for go.
    mstemm committed Jan 18, 2018
    8de5d6d
  12. 79c4e6b
  13. Let scom server read sensitive files.

    Microsoft System Center Operations Manager (SCOM).
    mstemm committed Jan 18, 2018
    052f3ba
  14. 36a9121
  15. Let needrestart_binaries spawn shells

    Was included in prior version of shell rules, adding back.
    mstemm committed Jan 18, 2018
    fe7b440
  16. a25433c
  17. Add yum-cron as an rpm binary

    mstemm committed Jan 18, 2018
    f59253e
  18. Add a different way to run denyhosts.

    Strange that the program is denyhosts.py but observed in actual
    environments.
    mstemm committed Jan 18, 2018
    62a29fd
  19. Let nrpe setuid to nagios.

    mstemm committed Jan 18, 2018
    aee0da7
  20. Also let postgres run wal-e wrt shells

    Previously added as an exception for db program spawned process, need to
    add as an exception for run shell untrusted.
    mstemm committed Jan 18, 2018
    07e3cf9
  21. Remove installer shell-related rules

    They aren't used that often and removing them cleans up space for new
    rules we want to add soon.
    mstemm committed Jan 18, 2018
    bb34242