Creation or Modification of Systemd Service¶
Systemd services can be used to establish persistence on a Linux system. The systemd service manager is commonly used for managing background daemon processes (also known as services) and other system resources.
| id: | 1a568233-9ca1-4c2c-b2e7-b15b90e2c954 |
|---|---|
| categories: | enrich |
| confidence: | low |
| os: | linux |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping¶
| tactics: | Persistence |
|---|---|
| techniques: | T1501 Systemd Service |
Query¶
file where not subtype.delete and
file_name == "*.service*" and
wildcard(file_path, "/etc/systemd/system/*","/usr/lib/systemd/system/*")