From 5aba512a534459e869d3bd095b1bc5ed198c6b70 Mon Sep 17 00:00:00 2001
From: Pierre-Gronau-ndaal
 <72132223+Pierre-Gronau-ndaal@users.noreply.github.com>
Date: Wed, 14 Dec 2022 22:16:10 +0100
Subject: [PATCH] Update audit.rules

### https://github.com/awgn/cgrep

-w /usr/bin/cgrep -p x -k T1081_Credentials_In_Files
### macOS
-w /usr/local/bin/cgrep -p x -k T1081_Credentials_In_Files

### https://github.com/jpr5/ngrep
-w /usr/bin/ngrep -p x -k T1081_Credentials_In_Files
### macOS
-w /usr/local/bin/ngrep -p x -k T1081_Credentials_In_Files

### https://github.com/vrothberg/vgrep
-w /usr/bin/vgrep -p x -k T1081_Credentials_In_Files
### macOS
-w /usr/local/bin/vgrep -p x -k T1081_Credentials_In_Files
---
 audit.rules | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/audit.rules b/audit.rules
index 8895d76..3c8cf8c 100644
--- a/audit.rules
+++ b/audit.rules
@@ -602,6 +602,22 @@
 ### macOS
 -w /usr/local/bin/rg -p x -k T1081_Credentials_In_Files
 
+### https://github.com/awgn/cgrep
+
+-w /usr/bin/cgrep -p x -k T1081_Credentials_In_Files
+### macOS
+-w /usr/local/bin/cgrep -p x -k T1081_Credentials_In_Files
+
+### https://github.com/jpr5/ngrep
+-w /usr/bin/ngrep -p x -k T1081_Credentials_In_Files
+### macOS
+-w /usr/local/bin/ngrep -p x -k T1081_Credentials_In_Files
+
+### https://github.com/vrothberg/vgrep
+-w /usr/bin/vgrep -p x -k T1081_Credentials_In_Files
+### macOS
+-w /usr/local/bin/vgrep -p x -k T1081_Credentials_In_Files
+
 ### https://github.com/monochromegane/the_platinum_searcher
 -w /usr/bin/pt -p x -k T1081_Credentials_In_Files
 ### macOS