Password Policy Enumeration¶
Identifies enumeration of local or global password policies using built-in commands.
id: | 94a5cbe1-851a-4b8f-bd9c-04c62097ae5e |
---|---|
categories: | enrich |
confidence: | low |
os: | linux |
created: | 7/26/2019 |
updated: | 7/26/2019 |
Query¶
process where subtype.create and (
process_name == "chage" and command_line == "* -l *" or
process_name == "cat" and command_line == "*/etc/pam.d/common-password*"
)