Tag
This rule detects potential persistence attempts on Linux systems by monitoring file modifications of files commonly used for persistence, such as cron jobs, systemd services, message-of-the-day (MOTD), SSH configurations, shell configurations, runtime control, init daemon, passwd/sudoers/shadow files, Systemd udevd, and XDG/KDE autostart entries.