Linux Shell Script is often used by attackers to achieve various task completions such as disabling the firewall, modifying the Access control list, and monitoring agents. A report containing the ways in which malicious Linux shells are being used to hide the attacks has been published by the researchers.
There are six techniques in which attackers have been using Linux Shell Script-
1) Using shell script for the evasion of security by uninstalling the monitoring agent which is related to the cloud.
2) They use various malicious scripts for the disabling of the firewall.
3) They disable the Linux security modules like Apparmour and SELinux. Mandatory Access Control can be applied using this module.
4) They use Chattr to set or unset file attributes, change the file to immutable and make them undeletable, etc.
5) This script can also be used to modify the ACLs, or Access Control Lists.
6) They can be used to rename the common utilities which may help in downloading the remote IP. Malicious files can be downloaded using these tools.
It is really important such activities as the attacks using these shell scripts are becoming very important since such attacks are getting really sophisticated. It is advised to use security solutions, processes, etc., and also keep the software of the systems updated.