Added tests for disable of firewall, syslog, Cb daemon, SELinux
parent
4f65330559
commit
8346a7a1f5
|
@ -0,0 +1,36 @@
|
|||
# Disabling Security Tools
|
||||
|
||||
MITRE ATT&CK Technique: [T1089](https://attack.mitre.org/wiki/Technique/T1089)
|
||||
|
||||
|
||||
## Stop and disable firewall on CentOS/RHEL 6 and below
|
||||
|
||||
service iptables stop
|
||||
chkconfig off iptables
|
||||
|
||||
service ip6tables stop
|
||||
chkconfig off ip6tables
|
||||
|
||||
## Stop and disable firewall on CentOS/RHEL 7 and above
|
||||
|
||||
systemctl stop firewalld
|
||||
systemctl disable firewalld
|
||||
|
||||
## Stop and disable syslog on CentOS/RHEL 6 and below
|
||||
service rsyslog stop
|
||||
chkconfig off rsyslog
|
||||
|
||||
## Stop and disable syslog on CentOS/RHEL 7 and above
|
||||
systemctl stop rsyslog
|
||||
systemctl disable rsyslog
|
||||
|
||||
## Stop and disable Cb Response Daemon on CentOS/RHEL 6 and below
|
||||
service cbdaemon stop
|
||||
chkconfig off cbdaemon
|
||||
|
||||
## Stop and disable Cb Response Daemon on CentOS/RHEL 7 and above
|
||||
systemctl stop cbdaemon
|
||||
systemctl disable cbdaemon
|
||||
|
||||
## Disable SELinux Enforcement
|
||||
setenforce 0
|
|
@ -4,7 +4,7 @@
|
|||
|------------------------------|-------------------------------|-------------------------------|----------------------------------------|----------------------------------------|---------------------------------|--------------------------|--------------------------------|-----------------------------------------------|-----------------------------------------|
|
||||
| [.bash_profile and .bashrc](Persistence/bash_profile_and_bashrc.md) | Exploitation of Vulnerability | Binary Padding | [Bash History](Credential_Access/Bash_History.md) | [Account Discovery](Discovery/Account_Discovery.md) | Application Deployment Software | [Command-Line Interface](Execution/Command-Line_Interface.md) | Audio Capture | Automated Exfiltration | Commonly Used Port |
|
||||
| Bootkit | [Setuid and Setgid](Privilege_Escalation/Setuid_and_Setgid.md) | [Clear Command History](Defense_Evasion/Clear_Command_History.md) | Brute Force | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md) | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media |
|
||||
| [Browser Extensions](Persistence/Browser_Extensions.md)| Sudo | Disabling Security Tools | [Create Account](Credential_Access/Create_Account.md) | [Network Service Scanning](Discovery/Network_Service_Scanning.md) | [Remote File Copy](Lateral_Movement/Remote_File_Copy.md) | Scripting | [Browser Extensions](Collection/Browser_Extensions.md) | Data Encrypted | Connection Proxy |
|
||||
| [Browser Extensions](Persistence/Browser_Extensions.md)| Sudo | [Disabling Security Tools](Defense_Evasion/Disabling_Security_Tools.md) | [Create Account](Credential_Access/Create_Account.md) | [Network Service Scanning](Discovery/Network_Service_Scanning.md) | [Remote File Copy](Lateral_Movement/Remote_File_Copy.md) | Scripting | [Browser Extensions](Collection/Browser_Extensions.md) | Data Encrypted | Connection Proxy |
|
||||
| [Cron Job](Persistence/Cron_Job.md) | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Permission Groups Discovery | Remote Services | Source | Clipboard Data | Data Transfer Size Limits | Custom Command and Control Protocol |
|
||||
| [Hidden Files and Directories](Persistence/Hidden_Files_and_Directories.md) | Web Shell | File Deletion | Exploitation of Vulnerability | [Process Discovery](Discovery/Process_Discovery.md) | Third-party Software | Space after Filename | Data Staged | [Exfiltration Over Alternative Protocol](Exfiltration/Exfiltration_Over_Alternative_Protocol.md) | Custom Cryptographic Protocol |
|
||||
| Rc.common | | [HISTCONTROL](Defense_Evasion/HISTCONTROL.md) | Input Capture | [Remote System Discovery](Discovery/Remote_System_Discovery.md) | | Third-party Software | Data from Local System | Exfiltration Over Command and Control Channel | Data Encoding |
|
||||
|
|
Loading…
Reference in New Issue