Fixing path in execution_shell_via_java_revshell_linux.toml (#6079)
The double slash // means this exclusion path will never match a real process argument of /opt/tomcat/statistics/statistics.jar.
This commit is contained in:
yuriShafet
@@ -2,7 +2,7 @@
|
|||||||
creation_date = "2023/07/04"
|
creation_date = "2023/07/04"
|
||||||
integration = ["endpoint"]
|
integration = ["endpoint"]
|
||||||
maturity = "production"
|
maturity = "production"
|
||||||
updated_date = "2025/12/19"
|
updated_date = "2026/05/05"
|
||||||
|
|
||||||
[rule]
|
[rule]
|
||||||
author = ["Elastic"]
|
author = ["Elastic"]
|
||||||
@@ -106,7 +106,7 @@ sequence by host.id with maxspan=5s
|
|||||||
and not (
|
and not (
|
||||||
process.parent.args in (
|
process.parent.args in (
|
||||||
"/usr/lib/jenkins/jenkins.war", "/etc/remote-iot/services/remoteiot.jar", "/opt/pentaho/data-integration/launcher/launcher.jar",
|
"/usr/lib/jenkins/jenkins.war", "/etc/remote-iot/services/remoteiot.jar", "/opt/pentaho/data-integration/launcher/launcher.jar",
|
||||||
"/usr/share/java/jenkins.war", "/opt//tomcat/statistics/statistics.jar", "/usr/lib64/NetExtender.jar",
|
"/usr/share/java/jenkins.war", "/opt/tomcat/statistics/statistics.jar", "/usr/lib64/NetExtender.jar",
|
||||||
"/var/lib/jenkins/workspace/MP-QA/tc_certified_copy*/tc_certified_copy_web_ui_test/target/surefire/surefirebooter*.jar",
|
"/var/lib/jenkins/workspace/MP-QA/tc_certified_copy*/tc_certified_copy_web_ui_test/target/surefire/surefirebooter*.jar",
|
||||||
"-javaagent:/opt/opentelemetry/opentelemetry-javaagent-all.jar", "./lib/pipeline-job-executor*SNAPSHOT.jar",
|
"-javaagent:/opt/opentelemetry/opentelemetry-javaagent-all.jar", "./lib/pipeline-job-executor*SNAPSHOT.jar",
|
||||||
"./lib/worker-launcher-agent*SNAPSHOT.jar", "/opt/Seqrite_EndPoint_Security/wildfly/jboss-modules.jar",
|
"./lib/worker-launcher-agent*SNAPSHOT.jar", "/opt/Seqrite_EndPoint_Security/wildfly/jboss-modules.jar",
|
||||||
|
|||||||
Reference in New Issue
Block a user