Shell Attack
Shell Attack (Unix/Linux)
The following out-of-the-box alert rules are assigned to the (Unix/Linux) Category: SHELL ATTACK.
| Alert Rule | Description |
|---|---|
| Opening a reverse shell | An alert is triggered upon detecting a login of an application (such as a web server) that does not normally perform login tasks. It can indicate a potential attack. |
| Opening root shell by a non-standard command | An alert is triggered upon detecting the opening of a root shell by a non-authorized command. |
| Opening root shell using SUDO command from script | An alert is triggered upon executing the SUDO command from within a script, which allows executing programs with security privileges of regular users or super users. |