timb-machine · March 1, 2021 11:14
diff --git a/adonunix2.yara b/adonunix2.yara
 rule adonunix2 {
  meta:
    author = "Tim Brown @timb_machine"
    description = "AD on UNIX"
  strings:
    $quest = "/quest"
    $sss = "/sss"
    $pbis = "/pbis"  
    $ipa = "/ipa"
    $samba = "/samba"
    $krb5 = "/krb5"
  condition:
    $quest or $sss or $pbis or $ipa or $samba or $krb5
 }
	rule adonunix2 {
	meta:
	author = "Tim Brown @timb_machine"
	description = "AD on UNIX"
	strings:
	$quest = "/quest"
	$sss = "/sss"
	$pbis = "/pbis"
	$ipa = "/ipa"
	$samba = "/samba"
	$krb5 = "/krb5"
	condition:
	$quest or $sss or $pbis or $ipa or $samba or $krb5
	}