MATCH-S00683.md
Rules: Overly Permissive Chmod Command

Description

Setting a file's permissions to '777' with the chmod command allows all users to read, write, and execute said file, presenting an avenue for exploitation and privilege escalation on the host.

Additional Details

| Detail | Value |
| --- | --- |
| Type | Templated Match |
| Category | Defense Evasion |
| Apply Risk to Entities | device_hostname, device_ip, user_username |
| Signal Name | Overly Permissive Chmod Command |
| Summary Expression | A chmod command with 777 permissions was run on host {{device_hostname}} by user {{user_username}} |
| Score/Severity | Static: 3 |
| Enabled by Default | True |
| Prototype | False |
| Tags | _mitreAttackTactic:TA0005, _mitreAttackTactic:TA0004, _mitreAttackTechnique:T1222, _mitreAttackTechnique:T1222.002, _mitreAttackTechnique:T1548, _mitreAttackTechnique:T1548.001 |

Vendors and Products

Fields Used

| Origin | Field |
| --- | --- |
| Normalized Schema | commandLine |
| Normalized Schema | device_hostname |
| Normalized Schema | device_ip |
| Normalized Schema | user_username |
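
The following is an added example, not the rule's own match expression: a Python sketch of how the `commandLine` field could be checked for a chmod that grants 777, including the equivalent forms `0777`, `a+rwx` and `ugo=rwx`. The function names, the wrapper list and the sample events are constructed for illustration.

```python
import re
import shlex

OCTAL_777 = re.compile(r"[0-7]?777")           # 777, 0777, 4777, ...
SYMBOLIC = re.compile(r"([ugoa]+)([+=])([rwxXst]+)")
SEPARATORS = {";", "&", "&&", "|", "||"}        # chained commands in one event
WRAPPERS = {"sudo", "doas", "nohup"}            # assumption: option-less wrappers only


def mode_is_777(mode: str) -> bool:
    """True for octal x777 or a symbolic clause granting rwx to u, g and o."""
    if OCTAL_777.fullmatch(mode):
        return True
    for clause in mode.split(","):
        m = SYMBOLIC.fullmatch(clause)
        if m and ("a" in m[1] or set("ugo") <= set(m[1])) and set("rwx") <= set(m[3]):
            return True
    return False


def is_chmod_777(command_line: str) -> bool:
    """Inspect every chained command in a commandLine value."""
    try:
        lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        tokens = list(lexer)
    except ValueError:                          # unbalanced quotes in the log
        tokens = command_line.split()
    cmd = []
    for tok in tokens + [";"]:
        if tok not in SEPARATORS:
            cmd.append(tok)
            continue
        while cmd and cmd[0] in WRAPPERS:
            cmd.pop(0)
        if cmd and cmd[0].rsplit("/", 1)[-1] == "chmod":
            # The mode is the first argument that is not an option such as -R.
            mode = next((a for a in cmd[1:] if not a.startswith("-")), "")
            if mode_is_777(mode):
                return True
        cmd = []
    return False


# Constructed sample events using the field names from the table above.
EVENTS = [
    {"device_hostname": "web01", "user_username": "deploy", "commandLine": "cd /srv && sudo chmod -R 0777 uploads"},
    {"device_hostname": "web01", "user_username": "alice", "commandLine": "chmod 755 /tmp/777"},
    {"device_hostname": "db02", "user_username": "bob", "commandLine": "/bin/chmod a+rwx 'my file'"},
]
FLAGGED = [e["device_hostname"] for e in EVENTS if is_chmod_777(e["commandLine"])]
```

Tokenizing the command instead of searching for the substring `777` keeps a path such as `/tmp/777` from raising a signal, and `chmod +rwx` is deliberately not flagged because the umask still applies to it.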