saving uncommitted changes in /etc prior to dnf run

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-41697.yaml

@@ -2,13 +2,21 @@ type: leaky
 name: crowdsecurity/CVE-2022-41697
 description: "Detect CVE-2022-41697 enumeration"
 filter: |
-    Upper(evt.Meta.http_path) contains Upper('/ghost/api/admin/session') &&
-    Upper(evt.Parsed.verb) == 'POST' &&
-    evt.Meta.http_status == '404'
+  Upper(evt.Meta.http_path) contains Upper('/ghost/api/admin/session') &&
+  Upper(evt.Parsed.verb) == 'POST' &&
+  evt.Meta.http_status == '404'
 leakspeed: "10s"
 capacity: 5
 blackhole: 1m
 groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
-  remediation: true
+  remediation: true
+  classification:
+    - attack.T1589
+    - cve.CVE-2022-41697
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  label: "Ghost CVE-2022-41697"
+  service: ghost