Commit 3b7c4284 authored by Axel Beckert

Remove duplicate and false-positive IOCs

Proof:

pm-utils-1.4.1-27.el7.x86_64
sos-3.8-8.el7_8.noarch
.........  c /etc/sos.conf
missing   g /var/log/pm-suspend.log
missing   g /var/run/pm-utils
missing   g /var/run/pm-utils/locks
missing   g /var/run/pm-utils/locks/pm-powersave.lock
missing   g /var/run/pm-utils/locks/pm-suspend.lock
missing   g /var/run/pm-utils/pm-powersave
missing   g /var/run/pm-utils/pm-powersave/storage
missing   g /var/run/pm-utils/pm-suspend
missing   g /var/run/pm-utils/pm-suspend/storage

/usr/share/sos/ is probably only in there because of
/usr/share/sos/rh.pub and sos not having been installed on the system
where the initial IOC list was compiled.
parent e6f2dc1a
......@@ -5,6 +5,11 @@ use warnings;
use 5.010;
# IOCs from https://csirt.egi.eu/academic-data-centers-abused-for-crypto-currency-mining/
#
# Removed due to false positives:
# /usr/bin/on_ac_power EGI20200421
# /usr/share/sos/ EGI20200421
my %ioc = qw(
/home/*/.mozilla/xdm EGI20200421
/tmp/.dbs* EGI20200421
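Review bot: The new "Removed due to false positives" comment lists /usr/bin/on_ac_power and /usr/share/sos/ without saying why they are false positives; the evidence (the pm-utils and sos package output) exists only in the commit message. Consider noting the reason beside each path in this comment block, so that anyone re-syncing the list from the EGI advisory sees why the entries were dropped and does not add them back.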
......@@ -18,12 +23,9 @@ my %ioc = qw(
/tmp/check_power EGI20200421
/tmp/hdshare EGI20200421
/tmp/readps EGI20200421
/usr/bin/on_ac_power EGI20200421
/usr/lib/libocs.so EGI20200421
/usr/lib64/.lib/l64 EGI20200421
/usr/share/aldi.so EGI20200421
/usr/share/sos/ EGI20200421
/usr/share/sos/rh.pub EGI20200421
/usr/share/sos/rh.pub EGI20200421
/var/tmp/.lock EGI20200421
/var/tmp/.lock/clogs EGI20200421
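Review bot: /usr/share/sos/rh.pub stays in the list while its parent directory /usr/share/sos/ is removed as a false positive. The commit message attributes the directory entry to rh.pub on a system where sos was not installed, so it is worth confirming that the sos package does not itself ship a file at that path; if it does, and the script matches on path existence alone, this entry would still fire on hosts with sos installed. Since %ioc is a hash built with qw(, the duplicate rh.pub line was already collapsing to a single key, so removing it is a cleanup rather than a behaviour change.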