Hub configuration

More info

pkexec-logs Log Parser

« pkexec-logs »
v0.1 by crowdsecurity
Log parser

Parse pkexec logs specifically for CVE-2021-4034

Installation

cscli parsers install crowdsecurity/pkexec-logs

YAML Configuration

1onsuccess: next_stage
2#debug: true
3filter: "evt.Parsed.program == 'pkexec'"
4name: crowdsecurity/pkexec-logs
5description: "Parse pkexec logs specifically for CVE-2021-4034"
6pattern_syntax:
7  PWNKIT_XPL: '%{DATA:user}: The value for the SHELL variable was not found the /etc/shells file'
8grok:
9  name: "PWNKIT_XPL"
10  apply_on: message
11statics:
12  - meta: log_type
13    value: CVE-2021-4034-xpl
14  - meta: target_user
15    expression: "evt.Parsed.user"
16

Hub configuration

« pkexec-logs »v0.1 by crowdsecurityLog parser

« pkexec-logs »
v0.1 by crowdsecurity
Log parser