James Espinosa
04/21/2020, 10:33 PM+--------------+-------------------------+
| header | rule_details |
+--------------+-------------------------+
| %group1 | ALL=(ALL) NOPASSWD: ALL |
| %group2 | ALL=(ALL) NOPASSWD: ALL |
| user1 | ALL=(ALL) NOPASSWD: ALL |
| user2 | ALL=(ALL) NOPASSWD: ALL |
osquery> SELECT * FROM sudoers WHERE header LIKE '\%%';
(produces 0 results)
sundsta
04/21/2020, 10:35 PMThe escape character followed by a percent symbol (%), underscore (_), or a second instance of the escape character itself matches a literal percent symbol, underscore, or a single escape character, respectively.
so that should be workingzwass
osquery> select '%foobar' like '\%%' escape '\';
+---------------------------------+
| '%foobar' like '\%%' escape '\' |
+---------------------------------+
| 1 |
+---------------------------------+
osquery> select 'foobar' like '\%%' escape '\';
+--------------------------------+
| 'foobar' like '\%%' escape '\' |
+--------------------------------+
| 0 |
+--------------------------------+
James Espinosa
04/21/2020, 10:40 PM