Merge pull request #400 from r0cketlad/21oct2024

small fpr push
chainguard-dev · Oct 23, 2024 · c8e99a5 · c8e99a5
2 parents 5c7bdbc + fbf9a56
commit c8e99a5
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/detection/execution/unexpected-setuid-binaries.sql b/detection/execution/unexpected-setuid-binaries.sql
@@ -119,7 +119,9 @@ FROM
           '/usr/sbin/umount.nfs',
           '/usr/sbin/umount.nfs4',
           '/usr/sbin/userhelper',
-          '/usr/sbin/wodim'
+          '/usr/sbin/wodim',
+          '/bin/bwrap',
+          '/usr/bin/bwrap'
         )
       )
       AND NOT (

diff --git a/detection/impact/evenly-timestomped.sql b/detection/impact/evenly-timestomped.sql
@@ -26,7 +26,6 @@ WHERE
     OR file.path LIKE "/etc/%%"
     OR file.path LIKE "/sbin/%%"
     OR file.path LIKE "/lib/%%"
-    OR file.path LIKE "/usr/%%"
   )
   -- This timestamp is in UTC
   AND file.mtime > (strftime('%s', 'now') - (86400 * 720))
@@ -51,5 +50,3 @@ WHERE
   AND file.path NOT LIKE '%/lynis%'
   AND file.path NOT LIKE '%/yelp-xsl%'
   AND file.path NOT LIKE '/etc/cups/%'
-  AND file.path NOT LIKE '/usr/share/libinput/%.quirks'
-  AND file.path NOT LIKE '/usr/lib64/electron/locales/%.pak'