# Word list for rule 932105 (RCE Unix command injection part 2/3)
#
# To convert to a regexp that can be pasted into the rule:
# cat regexp-932105.txt | ./regexp-cmdline.py unix | ./regexp-assemble.pl
#
# Entries starting with ' are used verbatim.
# Everything after # is a comment.
#
# To prevent some FP for a command, you can require command parameters
# after a command. Only do this if the command regularly causes FP and if
# allowing the bare command (without parameters) is not too dangerous.
# (Note: due to \b following the regexp, a word boundary is also required
# further on, so some letter/number is needed for a match). Example:
#
# diff+
mount+
mutt+
mv+
mysql
mysqladmin
mysqldump
mysqldumpslow
mysqlhotcopy
mysqlshow
nano+
nc+
nc.openbsd
nc.traditional
ncat
net+
netcat
netkit-ftp
netstat
nice+
nmap
nohup
nping
nslookup
nstat
onintr
openssl
passwd
patch+
perl
perl5
perlsh
perms
pftp
pgrep
php
php5
php7
ping
pkexec
pkg
pkg_info
pkginfo
pkill
popd
printenv
printf+
ps+
ptar
ptardiff
ptargrep
pushd
python
python2
python3
python3m
rar+
rcp+
realpath
rename+
repeat+
replace+
rm+
rmdir+
rmuser
rnano
route
rpm+
rsync
ruby
ruby1
ruby18
ruby19
ruby20
ruby21
ruby22
sched
scp+
sdiff
sed+
sendmail
set+
setenv
setfacl+
setsid
sftp
sh+
sh.distrib
shutdown
sleep
socat
sort+
source+
ssh
strings
su+
sudo
svn
sysctl
tail
tailf
tar+
tcping
tcptraceroute
tcsh
tee+
telnet
time+
timeout
top
touch+
traceroute
traceroute6
ulimit+
uname
uncompress
unlink+
unlzma
unrar
unset
unxz
unzip
useradd
userdel
usermod
vigr
vim+
vipw
w3m
wget
# 'who' causes many FP, so require whitespace.
# Unfortunately, without whitespace it may still leak some info.
who+
whoami
xargs
xterm
xxd+
xz+
xzcat
xzcmp
xzdec
xzdiff
xzegrep
xzfgrep
xzgrep
xzless
xzmore
yum
zcat
zcmp
zdiff
zegrep
zfgrep
zgrep
zip+
zless
zmore
zrun
zsh