Techniques
Sample rules
Persistence Via Sudoers Files
- source: sigma
- techniques:
  - t1053
  - t1053.003
Description
Detects creation of a sudoers file or files in the “sudoers.d” directory, which can be used as a potential method to persist privileges for a specific user.
Detection logic
condition: selection
selection:
  TargetFilename|startswith: /etc/sudoers.d/