
Persistence Via Sudoers.d Files (ddb26b76-4447-4807-871f-1b035b2bfa5d)

Detects the creation or modification of files in the "sudoers.d" directory (typically /etc/sudoers.d, pulled into the sudo policy by an include directive in /etc/sudoers) on Linux systems. A file dropped there grants the named users or groups sudo rights without touching /etc/sudoers itself, so such activity may indicate an attempt to establish or maintain privilege escalation by granting specific users elevated permissions. Unauthorized changes to sudoers files are a common technique attackers use to keep administrative access across sessions and reboots.
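The detection logic described above, re-implemented in plain Python as an added example; this is not the Sigma rule's own code nor part of the MISP galaxy entry. It assumes file events arrive as newline-delimited JSON with the hypothetical fields "op", "path", "user", "process" and "content" (real telemetry such as auditd or Sysmon for Linux uses different field names), runs the prefix match on constructed sample events, normalises the path so a look-alike directory or a traversal segment does not fool the check, and summarises any sudoers grant lines in the written content for the analyst.

```python
import json
import os
import re
from dataclasses import dataclass

# Directory the rule watches. Matching uses the normalised path plus a trailing
# separator so siblings such as /etc/sudoers.d.bak do not match.
SUDOERS_DIR = "/etc/sudoers.d"

# Hypothetical event schema (an assumption, not a real agent's field names).
WATCHED_OPS = {"create", "modify"}

# Grant line:  who  host = (runas) TAG: TAG: commands
GRANT_RE = re.compile(
    r"^(?P<who>%?[\w.@+-]+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<tags>(?:\w+:\s*)*)(?P<cmds>.+)$"
)
# Non-grant directives that would otherwise look like "X Y = Z".
DIRECTIVE_RE = re.compile(r"^(Defaults|\w+_Alias)\b")


@dataclass
class Alert:
    path: str      # normalised path of the written file
    op: str
    user: str
    process: str
    summary: str   # what the written content grants, for the analyst


def in_sudoers_d(path: str) -> bool:
    """True if the path resolves to a file directly under /etc/sudoers.d."""
    norm = os.path.normpath(path)
    return norm.startswith(SUDOERS_DIR + os.sep)


def summarise_grant(content: str) -> str:
    """Summarise sudoers grant lines as 'who -> commands [TAGS]'."""
    findings = []
    for line in content.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line or DIRECTIVE_RE.match(line):
            continue
        m = GRANT_RE.match(line)
        if not m:
            continue
        tags = m.group("tags").replace(" ", "").rstrip(":")
        entry = f"{m.group('who')} -> {m.group('cmds').strip()}"
        if tags:
            entry += f" [{tags}]"
        findings.append(entry)
    return "; ".join(findings) if findings else "no grant lines parsed"


def detect(event_lines):
    """Flag every create/modify of a file under /etc/sudoers.d."""
    alerts = []
    for raw in event_lines:
        ev = json.loads(raw)
        if ev.get("op") not in WATCHED_OPS:
            continue
        if not in_sudoers_d(ev.get("path", "")):
            continue
        alerts.append(Alert(
            path=os.path.normpath(ev["path"]),
            op=ev["op"],
            user=ev.get("user", "?"),
            process=ev.get("process", "?"),
            summary=summarise_grant(ev.get("content", "")),
        ))
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    json.dumps({"op": "create", "path": "/etc/sudoers.d/99-backdoor", "user": "www-data",
                "process": "/bin/sh", "content": "www-data ALL=(ALL) NOPASSWD: ALL\n"}),
    json.dumps({"op": "modify", "path": "/etc/sudoers.d/README", "user": "root",
                "process": "/usr/bin/vim", "content": "# notes\nDefaults env_keep += \"HOME\"\n"}),
    # A traversal segment in the recorded path still lands in sudoers.d after normalisation.
    json.dumps({"op": "create", "path": "/etc/sudoers.d/../sudoers.d/evil", "user": "bob",
                "process": "/usr/bin/tee", "content": "%wheel ALL=(root) /usr/bin/systemctl\n"}),
    # Look-alike directory and a read-only access: neither should alert.
    json.dumps({"op": "create", "path": "/etc/sudoers.d.bak/x", "user": "root",
                "process": "/bin/cp", "content": ""}),
    json.dumps({"op": "read", "path": "/etc/sudoers.d/99-backdoor", "user": "root",
                "process": "/usr/bin/sudo", "content": ""}),
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"ALERT {a.op} {a.path} by {a.user} via {a.process}: {a.summary}")
```

The rule fires on the write itself, not on its intent: package managers and provisioning tools legitimately drop files into /etc/sudoers.d, so in production the writing process and user would be used to tune out known installers, while the grant summary shows at a glance whether a write hands out NOPASSWD or unrestricted ALL to a non-administrative account.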

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Persistence Via Sudoers.d Files (ddb26b76-4447-4807-871f-1b035b2bfa5d) | Sigma-Rules | Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) | Attack Pattern | 1
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) | Attack Pattern | Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) | Attack Pattern | 2