From fd2429bd34f8d12dd445edc798237cc96812e69d Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Tue, 16 Jun 2020 19:46:50 +0200
Subject: [PATCH] Update lnx_setuid_setgid.yml
---
 rules/linux/lnx_setuid_setgid.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/rules/linux/lnx_setuid_setgid.yml b/rules/linux/lnx_setuid_setgid.yml
index c46ed2863..9b8d2e5ca 100644
--- a/rules/linux/lnx_setuid_setgid.yml
+++ b/rules/linux/lnx_setuid_setgid.yml
@@ -13,12 +13,12 @@ level: low
 logsource:
 product: linux
 detection:
- selection1|contains:
- - 'sudo chown root'
- selection2|contains:
- - 'sudo chmod u+s'
- selection3|contains:
- - 'sudo chmod g+s'
+ selection1:
+ - '*chown root*'
+ selection2:
+ - '* chmod u+s*'
+ selection3:
+ - '* chmod g+s*'
 condition: (selection1 and selection2) or (selection1 and selection3)
 falsepositives:
 - Legitimate administration activities
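Review bot: selection2 and selection3 match only the literal symbolic forms `chmod u+s` and `chmod g+s`, so the rule stays silent when the setuid or setgid bit is set through another spelling of the same mode change (a combined symbolic form or an octal mode). Adding entries such as `- '* chmod ug+s*'` and `- '* chmod +s*'` to the keyword lists would cover the common symbolic variants. The leading space in `'* chmod u+s*'` and `'* chmod g+s*'` also requires a character before `chmod`, while selection1 uses `'*chown root*'` without one; unless that space is deliberate, `'*chmod u+s*'` and `'*chmod g+s*'` keep the three patterns consistent and still match a record that begins with the command. Since the condition needs selection1 together with selection2 or selection3 in the same event, it appears to fire only when `chown root` and the `chmod` are logged in one line, which deserves a comment above `condition`, for example `# both commands must appear in the same log record`.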