From 4ce3d5d20b00dbf1ac2ad9e079037c3ead2ce785 Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Mon, 9 Sep 2024 06:55:09 +0000
Subject: [PATCH 1/2] Removing /etc/group from the list of sensitive files

Signed-off-by: Amit Schendel
---
 pkg/ruleengine/v1/helpers.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pkg/ruleengine/v1/helpers.go b/pkg/ruleengine/v1/helpers.go
index 6113137b..3a8b0024 100644
--- a/pkg/ruleengine/v1/helpers.go
+++ b/pkg/ruleengine/v1/helpers.go
@@ -21,7 +21,6 @@ var SensitiveFiles = []string{
 "/etc/ssh/sshd_config",
 "/etc/ssh/ssh_config",
 "/etc/pam.d",
-"/etc/group",
 }
 
 var (

From 494782edbfaf889db39faab58deacdada97cf0e6 Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Mon, 9 Sep 2024 07:10:10 +0000
Subject: [PATCH 2/2] Adding domains

Signed-off-by: Amit Schendel
---
 pkg/ruleengine/v1/r1008_crypto_mining_domain.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/ruleengine/v1/r1008_crypto_mining_domain.go b/pkg/ruleengine/v1/r1008_crypto_mining_domain.go
index f4c10c1a..9f9dd2f6 100644
--- a/pkg/ruleengine/v1/r1008_crypto_mining_domain.go
+++ b/pkg/ruleengine/v1/r1008_crypto_mining_domain.go
@@ -124,6 +124,8 @@ var commonlyUsedCryptoMinersDomains = []string{
 "xmr.zeropool.io.",
 "zec.antpool.com.",
 "zergpool.com.",
+"auto.c3pool.org.",
+"us.monero.herominers.com.",
 }
 
 var R1008CryptoMiningDomainCommunicationRuleDescriptor = RuleDescriptor{
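Review bot: The two new entries are appended after `"zergpool.com."`, while the visible neighbours (`"xmr.zeropool.io."`, `"zec.antpool.com."`, `"zergpool.com."`) read as alphabetically sorted; if the list is maintained in sorted order, which this hunk alone cannot confirm, `"auto.c3pool.org."` belongs near the top and `"us.monero.herominers.com."` before the `x` entries, so that duplicate additions are easy to spot in review and any ordered lookup over the slice keeps working. Both new strings carry the trailing dot like the rest of the list, which is consistent, but `"us.monero.herominers.com."` names a single regional host: if the rule compares the queried name exactly rather than by suffix (the matching code is outside this hunk), other endpoints under the same parent domain will not be detected, and the parent domain may be the more robust entry. A one-line comment above the list, such as `// Fully-qualified names with a trailing dot; keep sorted and match against the DNS event's queried name.`, would make the expected form explicit for future additions. The enclosing `var commonlyUsedCryptoMinersDomains` block starts before this hunk.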