diff --git a/rules/linux/lnx_file_deletion.yml b/rules/linux/lnx_file_deletion.yml
new file mode 100644
index 000000000..9ab0804dd
--- /dev/null
+++ b/rules/linux/lnx_file_deletion.yml
@@ -0,0 +1,26 @@
+title: File Deletion
+id: 30aed7b6-d2c1-4eaf-9382-b6bc43e50c57
+status: stable
+description: Detects file deletion commands
+author: Ömer Günal, oscd.community
+date: 2020/10/07
+references:
+ - https://attack.mitre.org/techniques/T1070/004/
+logsource:
+ product: linux
+detection:
+ keywords:
+ - Commands|contains:
+ - 'rm '
+ - 'shred -u'
+ - 'rmdir'
+ - 'unlink'
+ - 'busybox rm -f *'
+ - 'find * -delete'
+ condition: keywords
+falsepositives:
+ - Legitimate administration activities
+level: low
+tags:
+ - attack.defense_evasion
+ - attack.t1070.004
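Review bot: The `Commands|contains` list in the detection block matches `'rm '`, `'rmdir'` and `'unlink'` as bare substrings, so any command line containing `alarm `, `perform `, `firm `, `unlinkat` or a path component such as `/usr/share/rmdir...` fires the rule, and `'busybox rm -f *'` is already a subset of `'rm '` (the `*` is a Sigma wildcard, not a literal glob), which makes that entry redundant. Given that, `status: stable` is a strong claim for a new substring-based rule; Sigma convention is to land new rules as `status: experimental` until the false-positive rate has been observed, so I would change that line and expand the `falsepositives` entry to name the substring collisions explicitly, e.g. `- Any command line containing 'rm ' as a substring (alarm, perform, firm)`. The logsource is only `product: linux` with no `category` or `service`, so which event carries a `Commands` field is left entirely to the backend mapping; if this is meant for process-creation or auditd execve events, pinning that with `category: process_creation` (or `service: auditd`) would make the rule portable. The `date: 2020/10/07` value is safe as written because the slashes keep it a string, but note that switching to the ISO form `2020-10-07` unquoted would parse as a date object in some loaders.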