From 19011b569a8c0fb611c071523c8859e96598fae3 Mon Sep 17 00:00:00 2001
From: George Allen <gallen@carbonblack.com>
Date: Sun, 21 Nov 2021 17:16:54 +0000
Subject: [PATCH] T1069.001 - update existing test with: id, getent, cat group

---
 atomics/T1069.001/T1069.001.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/atomics/T1069.001/T1069.001.yaml b/atomics/T1069.001/T1069.001.yaml
index 49c48a5c..d259deeb 100644
--- a/atomics/T1069.001/T1069.001.yaml
+++ b/atomics/T1069.001/T1069.001.yaml
@@ -13,6 +13,9 @@ atomic_tests:
       if [ -x "$(command -v dscacheutil)" ]; then dscacheutil -q group; else echo "dscacheutil is missing from the machine. skipping..."; fi;
       if [ -x "$(command -v dscl)" ]; then dscl . -list /Groups; else echo "dscl is missing from the machine. skipping..."; fi;
       if [ -x "$(command -v groups)" ]; then groups; else echo "groups is missing from the machine. skipping..."; fi;
+      if [ -x "$(command -v id)" ]; then id; else echo "id is missing from the machine. skipping..."; fi;
+      if [ -x "$(command -v getent)" ]; then getent group; else echo "getent is missing from the machine. skipping..."; fi;
+      cat /etc/group
     name: sh
 - name: Basic Permission Groups Discovery Windows (Local)
   auto_generated_guid: 1f454dd6-e134-44df-bebb-67de70fb6cd8
@@ -95,4 +98,4 @@ atomic_tests:
   executor:
     command: |
       Get-WMIObject Win32_Group
-    name: powershell
\ No newline at end of file
+    name: powershell