bf8f0307b7
Rename lnx_space_after_filename_ to lnx_space_after_filename_.yml
2020-07-13 01:33:59 +03:00
4b74a0df76
Create lnx_space_after_filename_
2020-07-13 01:33:39 +03:00
c749aa2539
Create lnx_setgid_setuid
2020-07-13 01:33:09 +03:00
6b24a5df65
Create lnx_security_tools_disabling.yml
2020-07-13 01:32:24 +03:00
bdeca13825
Create lnx_proxy_connection.yml
2020-07-13 01:31:05 +03:00
708a28e307
Delete lnx_space_after_filename.yml
2020-07-13 01:26:37 +03:00
af6ad5a41b
Delete lnx_setuid_setgid.yml
2020-07-13 01:26:29 +03:00
64a9b6e098
Delete lnx_disabling_security_tools.yml
2020-07-13 01:26:11 +03:00
7466c8d425
Delete lnx_connection_proxy.yml
2020-07-13 01:26:03 +03:00
7ce16d1bbc
Update lnx_space_after_filename.yml
2020-07-13 01:07:32 +03:00
47a2f1bc94
Update lnx_space_after_filename.yml
2020-07-03 18:56:51 +03:00
51363d8a87
Update lnx_setuid_setgid.yml
2020-07-03 18:56:40 +03:00
87346d4b94
Update lnx_disabling_security_tools.yml
2020-07-03 18:56:30 +03:00
64afd6e7ee
Update lnx_connection_proxy.yml
2020-07-03 18:56:19 +03:00
9bfc3d6807
Delete lnx_file_copy.yml
2020-06-18 23:37:12 +03:00
a963630db8
Remote File Copy
2020-06-18 23:36:29 +03:00
3a607abe33
Update lnx_trap.yml
2020-06-17 19:51:53 +03:00
7b86f4aefb
Update lnx_trap.yml
2020-06-17 19:47:31 +03:00
ebbd32d2e1
file extension
2020-06-17 19:43:57 +03:00
f989f7e155
file extension
2020-06-17 19:43:49 +03:00
772c03c49a
Connection Proxy
2020-06-17 19:39:55 +03:00
9d285ecf74
Trap
2020-06-17 19:39:00 +03:00
d0b66ab828
Space After Filename
2020-06-17 19:38:38 +03:00
3b8fb9e3d8
Disabling Security Tools
2020-06-17 19:38:10 +03:00
fd2429bd34
Update lnx_setuid_setgid.yml
2020-06-16 19:46:50 +02:00
06fe720165
Update lnx_sudo_enumeration.yml
2020-06-16 19:33:39 +02:00
545c05d4d3
Update lnx_setuid_setgid.yml
2020-06-16 19:31:34 +02:00
0027415fa2
Update lnx_setuid_setgid.yml
2020-06-16 20:26:50 +03:00
41b2309418
file type changed
2020-06-16 20:24:09 +03:00
0d0058da43
added id
2020-06-16 20:21:07 +03:00
bbcd506fb1
added id
2020-06-16 20:21:02 +03:00
ace575aaa6
added id
2020-06-16 20:20:42 +03:00
4b1557a587
Setuid and Setgid
...
Detects suspicious change of file privileges with chown and chmod commands
2020-06-16 20:12:24 +03:00
b7e1c6750c
sudo caching
...
attack.t1206
2020-06-16 19:31:02 +03:00
e43f13ed67
Update lnx_sudo_enumeration.yml
...
attack.t1169
2020-06-16 19:20:42 +03:00
52487159c5
Detect Sudo enumeration commands
2020-06-16 19:17:00 +03:00
74e16fdccd
Merge pull request #803 from gamma37/clear_cmd_history
...
Edit Clear Command History
2020-05-29 17:32:43 +02:00
537bda4417
Update lnx_shell_clear_cmd_history.yml
2020-05-28 10:56:35 +02:00
5a48934822
Edit Clear Command History
...
I suggest a new point of view to detect that bash_history has been cleared : Instead of trying to detect all the commands that can do that, we could monitor the size of the file and log whenever it has less than 1 line.
2020-05-28 10:52:17 +02:00
8321cc7ee1
Merge pull request #772 from gamma37/suspicious_activities
...
Create a rule for "suspicious activities"
2020-05-23 18:11:32 +02:00
e1a05dfc1c
Update lnx_auditd_susp_C2_commands.yml
2020-05-23 16:49:03 +02:00
71c507d8a9
remove space bedore colon
2020-05-18 11:34:53 +02:00
55eec46932
Create a rule for "suspicious activities"
2020-05-18 11:25:18 +02:00
cbf06b1e43
lowercased tag
2020-05-18 10:11:32 +02:00
904716771a
Create a new rule to detect "Create Account"
2020-05-18 10:03:34 +02:00
7b713fbe7f
rule: OpenSSHd rule adjusted
2020-05-15 17:19:32 +02:00
373424f145
Rule fixes
...
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
2020-02-20 23:00:16 +01:00
d7bd90cb24
Merge branch 'master' into oscd
2020-02-03 23:13:16 +01:00
593abb1cce
OSCD QA wave 3
2020-02-02 12:41:12 +01:00
03ecb3b8dc
refactor: moved rues from 'apt' folder in respective folders
2020-02-01 17:59:26 +01:00
Ömer Günal