[systemd-devel] Block systemd from adding new services

Saint Michael venefax at gmail.com
Sun Jun 13 13:32:49 UTC 2021


One of the most dramatic hacks to 50+ servers of mine is a bitcoin miner,
xmrig. It installs a service file at /etc/systemd/system, enables it and
kills the machine.
Nobody knows how it propagates. I think that SSHD has been broken in a
foreign land or they just brute-force any machine where
passwordautorization=yes.
The point is, for this list: how can I prevent systemd from adding ANY new
service at all? I am thinking of adding chattr +i to /etc/systemd/system, but
want to know if this makes any sense or if there is a better way to do this.
Philip
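
A read-only check that complements the question above, added here as an example and not part of the original post: it baselines a unit directory and reports unit files or enablement symlinks that appeared or changed afterwards. The function names and the demo directory are constructed; on a real host the directory would be /etc/systemd/system.

```shell
#!/bin/sh
# Added example: baseline and drift check for a systemd unit directory.

# Print "<fingerprint>  <path>" for every file and symlink under DIR.
# Files are fingerprinted by SHA-256, symlinks by their target, because
# `systemctl enable` works by creating symlinks under *.wants/ directories.
snapshot_units() {
    ( cd "$1" || exit 1
      find . \( -type f -o -type l \) | LC_ALL=C sort | while IFS= read -r p; do
          if [ -L "$p" ]; then
              printf 'link:%s  %s\n' "$(readlink "$p")" "$p"
          else
              printf 'sha256:%s  %s\n' "$(sha256sum < "$p" | cut -d' ' -f1)" "$p"
          fi
      done )
}

# Print entries that are new or modified relative to BASELINE.
# Exit status follows grep: 0 when drift was printed, 1 when there is none.
new_or_changed() {
    snapshot_units "$2" | grep -Fxv -f "$1"
}

# Constructed demo: a throwaway directory stands in for /etc/systemd/system.
demo() {
    d=$(mktemp -d) && b=$(mktemp) || return 1
    printf '[Service]\nExecStart=/bin/true\n' > "$d/known.service"
    snapshot_units "$d" > "$b"            # baseline taken on a trusted state
    printf '[Service]\nExecStart=/bin/false\n' > "$d/added.service"
    mkdir "$d/multi-user.target.wants"
    ln -s ../added.service "$d/multi-user.target.wants/added.service"
    new_or_changed "$b" "$d"              # reports the unit and its enablement
    rm -rf "$d" "$b"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

systemd also loads units from /usr/lib/systemd/system and /run/systemd/system, so the same check applies to those directories, and the baseline file belongs somewhere the monitored host cannot rewrite.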