From cec771d64f0dc6c4464b247e58b835c0fcbcc49a Mon Sep 17 00:00:00 2001
From: madhavbhatt
Date: Sat, 29 May 2021 14:54:22 -0700
Subject: [PATCH] Add test for T1037.004 that modifies rc.local and rc.common files on Linux
---
 atomics/T1037.004/T1037.004.yaml | 37 ++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/atomics/T1037.004/T1037.004.yaml b/atomics/T1037.004/T1037.004.yaml
index 8b664b82..9ec58a6f 100644
--- a/atomics/T1037.004/T1037.004.yaml
+++ b/atomics/T1037.004/T1037.004.yaml
@@ -15,3 +15,40 @@ atomic_tests:
 elevation_required: true
 name: bash
+
+- name: rc.common
+ description: |
+ Modify rc.common
+
+ supported_platforms:
+ - linux
+ executor:
+ name: bash
+ elevation_required: true
+ command: |
+ filename='/etc/rc.common';if [ ! -f $filename ];then sudo touch $filename;else sudo cp $filename /etc/rc.common.original;fi
+ printf '%s\n' '#!/bin/bash' | sudo tee /etc/rc.common
+ echo "python3 -c \"import os, base64;exec(base64.b64decode('aW1wb3J0IG9zCm9zLnBvcGVuKCdlY2hvIGF0b21pYyB0ZXN0IGZvciBtb2RpZnlpbmcgcmMuY29tbW9uID4gL3RtcC9UMTAzNy4wMDQucmMuY29tbW9uJykK'))\"" | sudo tee -a /etc/rc.common
+ printf '%s\n' 'exit 0' | sudo tee -a /etc/rc.common
+ sudo chmod +x /etc/rc.common
+ cleanup_command: |
+ origfilename='/etc/rc.common.original';if [ ! -f $origfilename ];then sudo rm /etc/rc.common;else sudo cp $origfilename /etc/rc.common && sudo rm $origfilename;fi
+
+- name: rc.local
+ description: |
+ Modify rc.local
+
+ supported_platforms:
+ - linux
+ executor:
+ name: bash
+ elevation_required: true
+ command: |
+ filename='/etc/rc.local';if [ ! -f $filename ];then sudo touch $filename;else sudo cp $filename /etc/rc.local.original;fi
+ printf '%s\n' '#!/bin/bash' | sudo tee /etc/rc.local
+ echo "python3 -c \"import os, base64;exec(base64.b64decode('aW1wb3J0IG9zCm9zLnBvcGVuKCdlY2hvIGF0b21pYyB0ZXN0IGZvciBtb2RpZnlpbmcgcmMubG9jYWwgPiAvdG1wL1QxMDM3LjAwNC5yYy5sb2NhbCcpCgo='))\"" | sudo tee -a /etc/rc.local
+ printf '%s\n' 'exit 0' | sudo tee -a /etc/rc.local
+ sudo chmod +x /etc/rc.local
+ cleanup_command: |
+ origfilename='/etc/rc.local.original';if [ ! -f $origfilename ];then sudo rm /etc/rc.local;else sudo cp $origfilename /etc/rc.local && sudo rm $origfilename;fi
+
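Review bot: The backup step in both new tests (`else sudo cp $filename /etc/rc.local.original` and its rc.common twin) overwrites any existing backup, so a second run without cleanup in between saves the already-modified script as the "original" and `cleanup_command` then restores the test payload into the boot script. Take the backup only once, e.g. `elif [ ! -f /etc/rc.local.original ];then sudo cp -p $filename /etc/rc.local.original;fi`, and restore with `sudo cp -p $origfilename /etc/rc.local`, since a plain `cp` onto the existing file keeps the `+x` bit the test set and may leave a previously non-executable rc.local runnable at boot. Cleanup also does not remove the marker the encoded payload writes once the script has run (`/tmp/T1037.004.rc.local`, `/tmp/T1037.004.rc.common`); adding a `sudo rm -f` for it, and stating the decoded payload and marker path in `description`, would let responders separate test residue from real persistence.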