Update lnx_setuid_setgid.yml
@@ -13,12 +13,12 @@ level: low
|
||||
logsource:
|
||||
product: linux
|
||||
detection:
|
||||
selection1|contains:
|
||||
- 'sudo chown root'
|
||||
selection2|contains:
|
||||
- 'sudo chmod u+s'
|
||||
selection3|contains:
|
||||
- 'sudo chmod g+s'
|
||||
selection1:
|
||||
- '*chown root*'
|
||||
selection2:
|
||||
- '* chmod u+s*'
|
||||
selection3:
|
||||
- '* chmod g+s*'
|
||||
condition: (selection1 and selection2) or (selection1 and selection3)
|
||||
falsepositives:
|
||||
- Legitimate administration activities
|
||||
|
||||
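Review bot: The condition `(selection1 and selection2) or (selection1 and selection3)` needs the chown string and a chmod string in the same log record, so a `chown root` and a `chmod u+s` logged as two separate events will not match; this holds for either spelling of the selections in the hunk. The page has lost its +/- markers, so assuming the wildcard lists are the new side: `'* chmod u+s*'` requires a character before `chmod` while `'*chown root*'` does not, so a record that begins with `chmod u+s` is missed. Octal and combined modes such as `chmod 4755`, `chmod +s` or `chmod ug+s` are not covered by either form. I would make the patterns symmetric, e.g. `- '*chmod u+s*'` and `- '*chmod g+s*'`, and record the single-event limitation and the uncovered mode spellings in the rule's description. The rule header (title, description, references) lies above the hunk and is not visible here.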