Rule updates vdec2 #315
Commits on Jan 18, 2018
Additional rpm writers, root directories
salt-minion can also touch the rpm database, and some node packages write below /root/.config/configstore.
(commit 80f452b)

(commit 5ae4c31)

(commit d050b09)

Let many veritas programs write below /etc/vx. Let one veritas-related perl script read sensitive files.
(commit 73da281)

https://github.com/wal-e/wal-e, archiving program for postgres.
(commit 10a9e34)

Let consul (agent) run addl scripts
Also let consul (agent, but the distinction is in the command line args) run nc in addition to curl. Also rename the macro.
(commit d708708)

Let postgres setuid to itself. Seen by archiving programs like wal-e.
(commit 759d348)

Also allow consul to run alert check scripts
"sh -c /bin/consul-alerts watch checks --alert-addr 0.0.0.0:9000 ..."
(commit 9b77603)

Add additional privileged containers.
Openshift's logging support containers generally run privileged.
(commit 7e8e7e8)

Let addl progs write below /etc/lvm
Add lvcreate as a program that can write below /etc/lvm and rename the macro to lvprogs_writing_lvm_archive.
(commit ea23498)

https://glide.sh/, package management for go.
(commit 8de5d6d)

(commit 79c4e6b)

Let scom server read sensitive files.
Microsoft System Center Operations Manager (SCOM).
(commit 052f3ba)

(commit 36a9121)

Let needrestart_binaries spawn shells
Was included in prior version of shell rules, adding back.
(commit fe7b440)

(commit a25433c)

(commit f59253e)

Add a different way to run denyhosts.
Strange that the program is denyhosts.py but observed in actual environments.
(commit 62a29fd)

(commit aee0da7)

Also let postgres run wal-e wrt shells
Previously added as an exception for db program spawned process, need to add as an exception for run shell untrusted.
(commit 07e3cf9)

Remove installer shell-related rules
They aren't used that often and removing them cleans up space for new rules we want to add soon.
(commit bb34242)