malware disabling SELinux
0001-01-01
Some examples of Linux malware such as the Skidmap malware will disable SELinux by running commands such as:
echo 0 > /selinux/enforce
setenforce 0
setenforce Permissive
Alternatively, they may edit /etc/sysconfig/selinux, setting SELINUX=enforcing, SELINUX=disabled, SELINUXTYPE=targeted, or similar settingst that effectively disable or render SELinux ineffective.
https://www.tecmint.com/disable-selinux-in-centos-rhel-fedora/
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit