committing changes in /etc made by "-bash"

Package changes:
2023-06-12 09:31:52 +03:00
parent c0fa2707f8
commit f7af00565c
146 changed files with 10641 additions and 0 deletions
--- a/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-37042.yaml
+++ b/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-37042.yaml
@@ -0,0 +1,18 @@
+type: trigger
+#debug: true
+name: crowdsecurity/CVE-2022-37042
+description: "Detect CVE-2022-37042 exploits"
+filter: |
+    (
+    Upper(evt.Meta.http_path) contains Upper('/service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1') ||
+    Upper(evt.Meta.http_path) contains Upper('/service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd') 
+    )
+    and evt.Meta.http_status startsWith ('40') and
+    Upper(evt.Meta.http_verb) == 'POST'
+
+
+blackhole: 2m
+groupby: "evt.Meta.source_ip"
+labels:
+  type: exploit
+  remediation: true