Uptycs Threat Research outlines how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate against them. The malicious script disables firewalls, monitoring agents and modifying access control lists (ACLs) Attackers also use the commands to disable non-maskable Interrupt(nmi) and disable iptables rules (iptables -F) The script also disables Linux security modules like SElinux, Apparmor. These modules are designed to implement mandatory access control(MAC) policies.
Source: https://threatpost.com/six-malicious-linux-shell-scripts-how-to-stop-them/168127/