Bash Interactive Shell

Detects execution of the bash shell with the interactive flag "-i".

Sigma rule

title: Bash Interactive Shell
id: 6104e693-a7d6-4891-86cb-49a258523559
status: test
description: Detects execution of the bash shell with the interactive flag "-i".
references:
    - https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
    - https://www.revshells.com/
    - https://linux.die.net/man/1/bash
author: '@d4ns4n_'
date: 2023/04/07
tags:
    - attack.execution
logsource:
    category: process_creation
    product: linux
detection:
    selection:
        Image|endswith: '/bash'
        CommandLine|contains: ' -i '
    condition: selection
falsepositives:
    - Unknown
level: low
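
How the selection above evaluates against process-creation events, as an added example that is not part of the rule or of the Sigma project: a minimal Python evaluator for the two modifiers the rule uses, run over constructed events to show what the rule covers and where it is imprecise. It assumes Sigma's default case-insensitive string matching; the function names and every value in `EVENTS` are made up for illustration.

```python
# Added example: evaluates the rule's `selection` over constructed events.
# SELECTION is copied from the rule; everything else is hypothetical.
SELECTION = {
    "Image|endswith": "/bash",
    "CommandLine|contains": " -i ",
}


def field_matches(key, pattern, event):
    """Apply one 'Field|modifier: value' entry of a selection to an event."""
    field, _, modifier = key.partition("|")
    # Assumption: case-insensitive comparison, the Sigma default for strings.
    value = str(event.get(field, "")).lower()
    pattern = pattern.lower()
    if modifier == "endswith":
        return value.endswith(pattern)
    if modifier == "contains":
        return pattern in value
    if modifier == "":
        return value == pattern
    raise ValueError(f"modifier not handled in this example: {modifier}")


def rule_matches(event, selection=SELECTION):
    """Entries inside one selection map are ANDed together."""
    return all(field_matches(k, v, event) for k, v in selection.items())


# Constructed process_creation events (not real telemetry).
EVENTS = [
    # Flag followed by more arguments: matches.
    {"Image": "/usr/bin/bash", "CommandLine": "bash -i -c id"},
    # Flag is the last token, so there is no trailing space: no match.
    {"Image": "/usr/bin/bash", "CommandLine": "bash -i"},
    # No interactive flag at all: no match.
    {"Image": "/usr/bin/bash", "CommandLine": "bash -c id"},
    # Different shell binary: Image does not end with /bash.
    {"Image": "/usr/bin/dash", "CommandLine": "sh -i -c id"},
    # "-i" belongs to the script, not to bash: still matches (false positive).
    {"Image": "/usr/bin/bash", "CommandLine": "bash /opt/tool.sh -i eth0"},
]


def evaluate(events=EVENTS):
    return [rule_matches(e) for e in events]


if __name__ == "__main__":
    for event, hit in zip(EVENTS, evaluate()):
        print("MATCH   " if hit else "no match", event["CommandLine"])
```

The second and fifth events are the ones to check when tuning: the pattern `' -i '` requires a space on both sides, and it is matched anywhere in the command line rather than only against bash's own options.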
