tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-25 23:05:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

[MALW-3280] Added support for falcon-sensor by CrowdStrike

Browse Source
This commit is contained in:
Michael Boelen 2019-12-18 12:22:51 +01:00
parent d5bc4f7854
commit cb59e92441
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/tests_malware
View File

@ -31,6 +31,7 @@
BITDEFENDER_DAEMON_RUNNING=0 BITDEFENDER_DAEMON_RUNNING=0
CLAMD_RUNNING=0 CLAMD_RUNNING=0
CLAMSCAN_INSTALLED=0 CLAMSCAN_INSTALLED=0
CROWDSTRIKE_FALCON_SENSOR_RUNNING=0
ESET_DAEMON_RUNNING=0 ESET_DAEMON_RUNNING=0
FRESHCLAM_DAEMON_RUNNING=0 FRESHCLAM_DAEMON_RUNNING=0
KASPERSKY_SCANNER_RUNNING=0 KASPERSKY_SCANNER_RUNNING=0
@ -145,6 +146,17 @@
Report "malware_scanner[]=avira" Report "malware_scanner[]=avira"
fi fi
# CrowdStrike falcon-sensor
LogText "Test: checking process falcon-sensor (CrowdStrike)"
if IsRunning "falcon-sensor"; then
FOUND=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} falcon-sensor" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found falcon-sensor service"
CROWDSTRIKE_FALCON_SENSOR_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=falcon-sensor"
fi
# Cylance (macOS) # Cylance (macOS)
LogText "Test: checking process CylanceSvc" LogText "Test: checking process CylanceSvc"
if IsRunning "CylanceSvc"; then if IsRunning "CylanceSvc"; then