HADESS
Cyber Security Magic

The Art Of Linux Persistence (EBook)


In the realm of Linux system administration, security, and advanced operations, the concept of persistence is pivotal. Persistence in Linux refers to the techniques and methodologies used to maintain continuous operations, automate tasks, ensure the execution of critical processes, and sometimes, in the context of security, maintain access. This comprehensive guide delves into various facets of Linux persistence, exploring a wide array of methods ranging from basic system administration to advanced security practices.

  • Standard Persistence Techniques (S)
    • Create Account: Establishing additional user accounts for access continuity.
    • SSH Authorized Keys: Utilizing SSH keys for secure, passwordless authentication.
    • Scheduled Tasks: Automating tasks using cron jobs and systemd timers.
    • Shell Configuration Modification: Tweaking shell configurations like .bashrc for automated script execution.
    • Dynamic Linker Hijacking: Manipulating the dynamic linker for control over shared library loading.
  • Resourceful Persistence Techniques (R)
    • SUID Binary: Leveraging Set User ID binaries for privilege escalation.
    • rc.common/rc.local: Utilizing legacy startup scripts for executing commands at boot.
    • Systemd Services: Creating custom systemd services for persistent background processes.
    • Trap: Employing signal handling in scripts for graceful termination and cleanup.
  • Advanced Persistence Techniques (A)
    • Backdooring User Startup File: Modifying user-specific startup files for command execution.
    • Backdooring MOTD: Injecting scripts or messages into the Message of the Day (MOTD) file.
    • Backdooring APT: Manipulating the Advanced Package Tool (APT) for custom package management.
    • Backdooring OpenVPN: Integrating scripts into OpenVPN configurations for additional actions during VPN connections.
    • Backdooring Git: Utilizing Git hooks and configurations for automated script execution.

  • Innovative and Niche Techniques
    • System Call Monitoring and Alteration: Observing and modifying system calls for specific behaviors.
    • Modifying Environment Variables: Adjusting environment variables for influencing application behavior.
    • Login Scripts: Executing scripts upon user login through profile scripts.
    • XDG Autostart: Setting up applications or scripts to automatically start in graphical desktop environments.
    • udev Rules: Triggering actions based on hardware events using udev rules.
    • Alias Commands: Creating aliases in shell configurations for command substitution or extension.
    • Binary Replacement or Wrapping: Replacing or wrapping system binaries for custom functionality.
    • Kernel Modules: Loading custom kernel modules for deep system integration.
    • Database Triggers: Using database triggers for automated actions in response to database events.
