I hereby claim:
- I am humpalum on github.
- I am hmplm (https://keybase.io/hmplm) on keybase.
- I have a public key whose fingerprint is A6C3 431A F234 6C2E 1F6E 8200 B579 A575 0985 1164
To claim this, I am signing this object:
Tobias Michalski humpalum
humpalum
/ keybase.md
Created
February 8, 2022 07:36
humpalum
/ exaramel.yml
Last active
February 17, 2021 11:42
Ansible playbook to check for files related to Exaramel
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Checks if files exists that related to Exaramel Malware | |
| # Ref:https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf | |
| - name: Setting files to check | |
| set_fact: | |
| maliciousFiles: | |
| - /tmp/.applocktx | |
| - /tmp/.applock | |
| - /usr/local/centreon/www/search.php |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Ref: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit | |
| # Simple tasks to check whether a host is vulnarable to CVE-2021-3156 | |
| # Make sure to use the when condition to upgrade the sudo package on the affected systems | |
| - name: Check sudo | |
| shell: sudoedit -s / || /bin/true | |
| register: sudoeditout | |
| become: true | |
| changed_when: false |