A new version of Sandfly has been released. Version 1.3 has the following changes:
- Container OS was switched from Alpine to Ubuntu Minimal for better compatibility and more up-to-date packages.
- TLS 1.1 has been disabled across the board. Only TLS 1.2 and 1.3 will be supported going forward, which covers all modern browsers.
- Sandflies have been renamed to be more consistent and descriptive.
- The Sandfly Process Persistence Cron Malicious and Sandfly Process Persistence At Job Malicious sandflies now also flag executable files inside these directories, in addition to the standard malware persistence checks.
- New sandflies search for processes running out of unusual system directories such as /lost+found or /boot.
- Expanded checks for legacy rootkits from the leaked NSA source code repositories.
- New sandfly checks for SUID/SGID system shells.
- Expanded checks for SUID/SGID system editors, which intruders can leave behind for later privilege escalation.
- Performance and reliability fixes.
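As an added illustration (not Sandfly's own code, which does not appear on this page), the following POSIX shell script implements host-side checks of the same three kinds the release note describes: SUID/SGID binaries whose names match a system shell or editor, running processes whose executable lives under /lost+found or /boot, and executable files sitting in cron directories where only crontab text is expected. The shell/editor name list and the cron directory list are assumptions of this example, not Sandfly's; every function takes a root directory so the logic can be tried against a constructed fixture before it is pointed at a live host.

```shell
#!/bin/sh
# Added example, not Sandfly code: defender-side checks mirroring the release
# note. Each function takes a root path so it can be run on a test fixture.

# 1. SUID/SGID binaries named like a shell or editor.
#    The name list is an assumption of this example; compare against your own
#    package baseline in production.
SHELL_AND_EDITOR_NAMES='sh|bash|dash|zsh|ksh|csh|tcsh|fish|vi|vim|nvim|nano|emacs|ed|pico'

find_suid_sgid_shells_editors() {
    root="${1:-/}"
    # -perm /6000: setuid or setgid bit set; -type f skips dirs and symlinks;
    # -xdev stays on one filesystem; || true keeps a clean "no hits" exit code.
    find "$root" -xdev -type f -perm /6000 2>/dev/null |
        grep -E "/(${SHELL_AND_EDITOR_NAMES})\$" || true
}

# 2. Processes executing from directories that should never hold binaries.
#    The two directories are the ones named in the release note.
UNUSUAL_EXEC_DIRS='/lost+found /boot'

find_procs_in_unusual_dirs() {
    procroot="${1:-/proc}"
    for exe in "$procroot"/[0-9]*/exe; do
        [ -L "$exe" ] || continue
        target=$(readlink "$exe" 2>/dev/null) || continue
        # The kernel appends " (deleted)" when the binary was unlinked after
        # exec, a common trick; strip it so the directory match still works.
        target="${target% (deleted)}"
        for d in $UNUSUAL_EXEC_DIRS; do
            case "$target" in
                "$d"/*)
                    pid="${exe#"$procroot"/}"
                    pid="${pid%/exe}"
                    printf '%s %s\n' "$pid" "$target"
                    ;;
            esac
        done
    done
}

# 3. Executable files inside cron directories that should hold only crontab
#    text. Directory list is an assumption; at spool directories are left out
#    because on some distributions at stores its jobs as executable scripts.
CRON_DIRS='/etc/cron.d /var/spool/cron'

find_exec_in_cron_dirs() {
    root="${1:-}"
    for d in $CRON_DIRS; do
        [ -d "$root$d" ] || continue
        # -perm /111: any execute bit set for owner, group or other
        find "$root$d" -type f -perm /111 2>/dev/null
    done
}

# Run all three checks against the live host: sh this_script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    echo '# SUID/SGID shells and editors'
    find_suid_sgid_shells_editors /
    echo '# processes executing from unusual directories'
    find_procs_in_unusual_dirs /proc
    echo '# executable files in cron directories'
    find_exec_in_cron_dirs ""
fi
```

Each check prints one hit per line and nothing when clean, so the output can be fed straight into a cron job or a log shipper and alerted on when non-empty. Run it as root for full coverage of /proc and the filesystem; as an unprivileged user it silently skips what it cannot read.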
We recommend you upgrade to take advantage of the above by following the simple instructions here:
Thank you for using Sandfly.