empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-07 01:15:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fdf9e42a0c
fleet/handbook/queries/detect-presence-of-authorized-ssh-keys.md
noahtalerman 650db555fd
Add 6 queries to the handbook (#459) 
This PR includes 6 potentially useful queries.
2021-03-12 12:34:26 -08:00

383 B
Raw Blame History

Detect presence of authorized SSH keys

Presence of authorized SSH keys may be unusual on laptops. Could be completely normal on servers, but may be worth auditing for unusual keys and/or changes.

Platforms

macOS, Linux

Query

SELECT username, authorized_keys.* 
FROM users 
CROSS JOIN authorized_keys USING (uid);

Purpose

Detection

Remediation

TODO