security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
python_conversion
atomic-red-team/atomics/T1053.006/T1053.006.yaml
T
AlbertoPellitteri 8bd8a959ee Setting elevation required for test 1 (#2920) 
Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>
2024-09-10 20:20:19 +05:30

104 lines
4.1 KiB
YAML
Raw Permalink Blame History

attack_technique: T1053.006
display_name: 'Scheduled Task/Job: Systemd Timers'
atomic_tests:
- name: Create Systemd Service and Timer
auto_generated_guid: f4983098-bb13-44fb-9b2c-46149961807b
description: |
This test creates Systemd service and timer then starts and enables the Systemd timer
supported_platforms:
- linux
input_arguments:
path_to_systemd_service:
description: Path to systemd service unit file
type: path
default: /etc/systemd/system/art-timer.service
path_to_systemd_timer:
description: Path to service timer file
type: path
default: /etc/systemd/system/art-timer.timer
systemd_service_name:
description: Name of systemd service
type: string
default: art-timer.service
systemd_timer_name:
description: Name of systemd service timer
type: string
default: art-timer.timer
executor:
command: |
echo "[Unit]" > #{path_to_systemd_service}
echo "Description=Atomic Red Team Systemd Timer Service" >> #{path_to_systemd_service}
echo "[Service]" >> #{path_to_systemd_service}
echo "Type=simple" >> #{path_to_systemd_service}
echo "ExecStart=/bin/touch /tmp/art-systemd-timer-marker" >> #{path_to_systemd_service}
echo "[Install]" >> #{path_to_systemd_service}
echo "WantedBy=multi-user.target" >> #{path_to_systemd_service}
echo "[Unit]" > #{path_to_systemd_timer}
echo "Description=Executes Atomic Red Team Systemd Timer Service" >> #{path_to_systemd_timer}
echo "Requires=#{systemd_service_name}" >> #{path_to_systemd_timer}
echo "[Timer]" >> #{path_to_systemd_timer}
echo "Unit=#{systemd_service_name}" >> #{path_to_systemd_timer}
echo "OnCalendar=*-*-* *:*:00" >> #{path_to_systemd_timer}
echo "[Install]" >> #{path_to_systemd_timer}
echo "WantedBy=timers.target" >> #{path_to_systemd_timer}
systemctl start #{systemd_timer_name}
systemctl enable #{systemd_timer_name}
systemctl daemon-reload
cleanup_command: |
systemctl stop #{systemd_timer_name}
systemctl disable #{systemd_timer_name}
rm #{path_to_systemd_service}
rm #{path_to_systemd_timer}
systemctl daemon-reload
name: bash
elevation_required: true
- name: Create a user level transient systemd service and timer
auto_generated_guid: 3de33f5b-62e5-4e63-a2a0-6fd8808c80ec
description: |
Schedule a user level transient task (will not survive a reboot) without having to create the .timer or .service files by using the systemd-run command.
supported_platforms:
- linux
dependency_executor_name: sh
dependencies:
- description: |
Check if systemd-run exists on the machine
prereq_command: |
if [ -x "$(command -v systemd-run)" ]; then exit 0; else exit 1; fi;
get_prereq_command: |
echo "Install systemd on the machine."; exit 1;
executor:
elevation_required: false
command: |
systemd-run --user --unit=Atomic-Red-Team --on-calendar '*:0/1' /bin/sh -c 'echo "$(date) $(whoami)" >>/tmp/log'
cleanup_command: |
systemctl --user stop Atomic-Red-Team.service
systemctl --user stop Atomic-Red-Team.timer
rm /tmp/log
name: sh
- name: Create a system level transient systemd service and timer
auto_generated_guid: d3eda496-1fc0-49e9-aff5-3bec5da9fa22
description: |
Schedule a system level transient task (will not survive a reboot) without having to create the .timer or .service files by using the systemd-run command.
supported_platforms:
- linux
dependency_executor_name: sh
dependencies:
- description: |
Check if systemd-run exists on the machine
prereq_command: |
if [ -x "$(command -v systemd-run)" ]; then exit 0; else exit 1; fi;
get_prereq_command: |
echo "Install systemd on the machine."; exit 1;
executor:
elevation_required: true
command: |
systemd-run --unit=Atomic-Red-Team --on-calendar '*:0/1' /bin/sh -c 'echo "$(date) $(whoami)" >>/tmp/log'
cleanup_command: |
systemctl stop Atomic-Red-Team.service
systemctl stop Atomic-Red-Team.timer
rm /tmp/log
name: sh
Reference in New Issue View Git Blame Copy Permalink