Detect Linux Developer Packages on Production Systems

Rule

Flow_DevPackage.lrl

Description

This rule detects installation of Linux (Debian, FreeBSD, Mandriva, NetBSD, OpenBSD, Red Hat) packages whose names follow the “dev” naming structure. These packages should not be deployed to production machines.

Detect Usage of Peer 2 Peer Apps

Rule

Flow_P2P.lrl

Description

This rule detects use of non-sanctioned peer-to-peer applications, including frostwire, edonkey, ants_p2p, gigatribe, ares, somud, emule, vuze, winny, xiami, clubbox, ezpeer, fileguri, filei, filesovermiles, goboogy, lanshark, luke, perfect_dark, piolet, ppstream and thunder.