Osquery - Add missing rule in seeder.
csavelief committed Aug 26, 2024
1 parent 5fdb60a commit d5230e2
Showing 1 changed file with 9 additions and 0 deletions.
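--- a/database/seeds/DatabaseSeeder.php
+++ b/database/seeds/DatabaseSeeder.php
@@ -404,6 +404,15 @@ private function customRules(): array
 "query" => "SELECT * FROM kernel_integrity;",
 "interval" => 86400,
 "description" => "Various Linux kernel integrity checked attributes."
+], [
+'name' => "kernel_modules_snapshot",
+"query" => "SELECT * FROM kernel_modules;",
+"interval" => 86400,
+"platform" => "linux",
+"version" => "1.4.5",
+"description" => "Retrieves the current list of loaded kernel modules in the target Linux system.",
+"value" => "General security posture.",
+"snapshot" => true
 ], [
 'name' => 'ld_preload',
 "query" => "SELECT process_envs.pid, process_envs.key, process_envs.value, processes.name, processes.path, processes.cmdline, processes.cwd FROM process_envs JOIN processes USING (pid) WHERE KEY = 'LD_PRELOAD';",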
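Review bot: The new `kernel_modules_snapshot` entry runs once per 86400 seconds with `"snapshot" => true`, so a module that is loaded and removed between two runs is never recorded, and nothing visible in this hunk shows a differential rule on the same table covering that gap. `customRules()` starts and ends outside the hunk, so such a rule may already exist; if it does not, consider pairing this entry with a differential `kernel_modules` query at a shorter interval. Either way the description should say what the rule is for, e.g. `"description" => "Daily full snapshot of loaded kernel modules on Linux (baseline, not a change log).",`. The table reports what the kernel itself lists, so a module that hides from that listing will not appear here; treat the rule as a posture baseline rather than as rootkit detection.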
