From 78c932f1af1199307a31fe0589b710c7cac5b2c1 Mon Sep 17 00:00:00 2001
From: carlospolop <carlospolop@gmail.com>
Date: Thu, 25 May 2023 14:27:17 +0200
Subject: [PATCH] improve

---
 build_lists/sensitive_files.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml
index f61f43f..9e95156 100644
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
@@ -1141,6 +1141,15 @@ search:
           - name: "authorized_keys"
             value: 
                 good_regex: 'from=[\w\._\-]+'
+                bad_regex: "command=.*"
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "*.pub"
+            value:
+                bad_regex: "command=.*"
+                only_bad_lines: True
                 type: f
                 search_in: 
                   - common