diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index b820a2d0..ee5f0ce7 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -29695,8 +29695,12 @@ defense-evasion:
       executor:
         command: 'setenforce 0
 
+'
+        cleanup_command: 'setenforce 1
+
 '
         name: sh
+        elevation_required: true
     - name: Stop Crowdstrike Falcon on Linux
       auto_generated_guid: 828a1278-81cc-4802-96ab-188bf29ca77d
       description: 'Stop and disable Crowdstrike Falcon on Linux
diff --git a/atomics/T1562.001/T1562.001.md b/atomics/T1562.001/T1562.001.md
index b70615ae..e43f993f 100644
--- a/atomics/T1562.001/T1562.001.md
+++ b/atomics/T1562.001/T1562.001.md
@@ -126,13 +126,17 @@ Disables SELinux enforcement
 
 
 
-#### Attack Commands: Run with `sh`! 
+#### Attack Commands: Run with `sh`!  Elevation Required (e.g. root or admin) 
 
 
 ```sh
 setenforce 0
 ```
 
+#### Cleanup Commands:
+```sh
+setenforce 1
+```