Sandfly 1.3 Update
A new version of Sandfly has been released. Version 1.3 has the following changes:
Container OS was switched from Alpine to Ubuntu Minimal for better compatibility and more up to date packages.
TLS 1.1 has been disabled across the board. Only TLS 1.2 and 1.3 will be supported going forward which will cover all modern browsers.
Sandflies renamed to be more consistent and descriptive.
Sandfly Process Persistence Cron Malicious and Sandfly Process Persistence At Job Malicious sandflies will also flag executable files inside these directories along with the standard malware persistence checks.
New sandflies to search for running processes out of unusual system directories like /lost+found or /boot.
Expanded checks for legacy rootkits from the leaked NSA source code repositories.
New sandfly checks for SUID/SGID system shells.
Expanded checks for SUID/SGID system editors which can be left behind for future escalation attacks by intruders.
Performance and reliability fixes.
We are adding many new sandflies now to detect an ever increasing list of threats against Linux. If you have any questions about the update, please contact us.
We recommend you upgrade to take advantage of the above by following the simple instructions here:
Thank you for using Sandfly.