Various persistence methods that can be investigated.
SHA Checksum Command (MAC OS)
shasum -a 512 FILE
References
plutil -p Library/Preferences/com.apple.dock.plist
Check out dockutil for free plist dock editing resource.
grep -v '^#' /etc/security/audit_warn
Script triggered by sudo audit -n
command.
grep -v '^#' /private/etc/man.conf
55f159eb497aebedd321e3da27aab2377298ae458da327aa9c6a86acbf8c66dbd6ce499ae31d4b1066fde8a151c7fdffb65bbf46eea898a15f232ab7e8664aa9 /etc/security/audit_warn
385577eb3b69379d55660fe9b277f4a29fb1eba0b27c39728e5acdddf64337c4244a92211ae4747c3efe2dc6ce9986b8efe3b9196bfcd7cc7dbb1df317c32a08 /private/etc/man.conf