open_files

Name: open_files
Retrieves all the open files per process in the target system.: Identify processes accessing sensitive files they shouldn't

Query:
select distinct pid, path from process_open_files where path not like '/private/var/folders%' and path not like '/System/Library/%' and path not in ('/dev/null', '/dev/urandom', '/dev/random');
Additional Query Info:
Version: 1.4.5
Platform: posix
Interval: 86400

JSON:
{
  "queries": {
    "open_files": {
      "query" : "select distinct pid, path from process_open_files where path not like '/private/var/folders%' and path not like '/System/Library/%' and path not in ('/dev/null', '/dev/urandom', '/dev/random');",
      "interval" : "86400",
      "platform" : "posix",
      "version": "1.4.5",
      "description" : "Retrieves all the open files per process in the target system.",
      "value" : "Identify processes accessing sensitive files they shouldn't"
    }
  }
}

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com