Creation or Modification of Systemd Service¶
Systemd services can be used to establish persistence on a Linux system. The systemd service manager is commonly used for managing background daemon processes (also known as services) and other system resources.
id: | 1a568233-9ca1-4c2c-b2e7-b15b90e2c954 |
---|---|
categories: | enrich |
confidence: | low |
os: | linux |
created: | 7/26/2019 |
updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping¶
tactics: | Persistence |
---|---|
techniques: | T1501 Systemd Service |
Query¶
file where not subtype.delete and
file_name == "*.service*" and
wildcard(file_path, "/etc/systemd/system/*","/usr/lib/systemd/system/*")