From 89a24d4bfae596777596bcf98d021817e19e8958 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?=
Date: Sat, 7 Nov 2020 11:50:30 +0300
Subject: [PATCH] Update lnx_install_root_certificate.yml

---
 rules/linux/lnx_install_root_certificate.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/rules/linux/lnx_install_root_certificate.yml b/rules/linux/lnx_install_root_certificate.yml
index c6e9be9a2..702a3e80c 100644
--- a/rules/linux/lnx_install_root_certificate.yml
+++ b/rules/linux/lnx_install_root_certificate.yml
@@ -14,12 +14,14 @@ detection:
 - CommandLine|contains|all:
 - 'mv '
 - '/usr/local/share/ca-certificates'
- - 'update-ca-certificates'
 selection2:
+ - ProcessName|contains:
+ - 'update-ca-certificates'
+ selection3:
 - CommandLine|contains|all:
 - 'cp '
 - 'rootCA.crt'
 - 'update-ca-trust'
- condition: selection or selection2
+ condition: (selection and selection2) or selection3
 falsepositives:
 - Legitimate administration activities
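Review bot: The new condition `(selection and selection2)` is evaluated against a single event, and it asks for a command line containing `mv ` together with a process name containing `update-ca-certificates`; when the two steps run as separate processes, no one event carries both, so the Debian/Ubuntu branch of the rule would likely stop matching. If the intent is to catch either step, `condition: selection or selection2 or selection3` keeps coverage at the cost of more noise from routine trust-store updates, which belongs under `falsepositives`. `ProcessName` is also not a field of Sigma's generic process-creation taxonomy, so, assuming the logsource above the hunk is `process_creation`, `- Image|endswith: '/update-ca-certificates'` would map more reliably across backends. `selection3` still expects `cp `, `rootCA.crt` and `update-ca-trust` in one command line and has the same single-event limitation. The `selection:` key and the logsource lie above the hunk, so this is based on the visible lines only.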