Linux persistence techniques

In the same spirit than #16791, but for Linux:

## Package managers
 
- [x] Yum package manager persistence, in `./exploits/linux/local/yum_package_manager_persistence.rb`
- [x] Apt package manager persistence, in `./exploits/linux/local/apt_package_manager_persistence.rb`
- [ ] apk

## Service managers and autostart

- [x] systemd service persistence, in `./exploits/linux/local/service_persistence.rb` 
- [x] systemd user service persistence, in `./exploits/linux/local/service_persistence.rb` 
- [x] sys-v service persistence, in `./exploits/linux/local/service_persistence.rb` 
- [x] upstart service persistence, in `./exploits/linux/local/service_persistence.rb` 
- [x] openrc service persistence #19480
- [x] `rc.local` persistence, in `./exploits/linux/local/rc_local_persistence.rb`
- [x] desktop autostart, in `./exploits/linux/local/autostart_persistence.rb`  

## Misc

- [x] `at` job persistence, in `./exploits/unix/local/at_persistence.rb`
- [x] SSH key persistence, in `./post/linux/manage/sshkey_persistence.rb`
- [x] crontab persistence, in `./exploits/linux/local/cron_persistence.rb` 
- [x] bash profile, in `./exploits/linux/local/bash_profile_persistence.rb`
- [x] MOTD persistence, via `/etc/update-motd.d/…` #19454
- [ ] udev backdoor, via `/etc/udev/rules.d/`, as used by the [sedexp](https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp) malware #19472
- [ ] `LD_PRELOAD`

Resources:

- https://github.com/Aegrah/PANIX

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Linux persistence techniques #19359

Package managers

Service managers and autostart

Misc

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Linux persistence techniques #19359

Description

Package managers

Service managers and autostart

Misc

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions