Linux Doas Conf File Creation

Original Source: [Sigma source]

Title: Linux Doas Conf File Creation
Status: stable
Description:Detects the creation of doas.conf file in linux host platform.
References:
-https://research.splunk.com/endpoint/linux_doas_conf_file_creation/
-https://www.makeuseof.com/how-to-install-and-use-doas/
Author: Sittikorn S, Teoderick Contreras
Date: 2022-01-20
modified:2022-12-31
Tags:

-'attack.privilege-escalation'
-'attack.t1548'

Logsource:

product: linux
category: file_event

Detection:
selection:
TargetFilename|endswith: '/etc/doas.conf'
condition:selection
Falsepositives:
-Unlikely
Level: medium

Sign Up to Personalize and Manage Your Detection

Linux Doas Conf File Creation