[systemd-devel] Antw: [EXT] Block systemd from adding new services

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Mon Jun 14 08:05:25 UTC 2021


>>> Saint Michael <venefax at gmail.com> wrote on 13.06.2021 at 15:32 in message
<CAC9cSOCyDbO9e-rZhQ0jVkKDEanF+DRX6BfPaqOqj3yuBtf0Gw at mail.gmail.com>:
> One of the most dramatic hacks to 50+ servers of mine is a bitcoin miner,
> xmrig. It installs a service file at /etc/systemd/system, enables it and
> kills the machine.
> Nobody knows how it propagates. I think that SSHD has been broken in a
> foreign land or they just brute-force any machine where
> passwordautorization=yes.
> The point is, for this list, how can I prevent systemd from adding ANY new
> service at all. I am thinking to add chattr +i to /etc/systemd/system, but
> want to know if this makes any sense or if there is a better way to do this.

The better solution would have been to pick a stronger password IMHO.

> Philip
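
An added example, not part of the original thread: the quoted message describes a unit file being installed and enabled under /etc/systemd/system, so this script records a baseline of a unit directory and reports unit files or enable symlinks that later appear, change or disappear. The function names and the tab-separated manifest format are assumptions of this example.

```shell
#!/bin/sh
# Added example: drift check for a systemd unit directory.
# Function names and the tab-separated manifest format are assumptions.

# Print "<sha256 or link:target><TAB><relative path>" for every file and
# symlink under DIR. Symlinks are recorded by target because
# "systemctl enable" creates links under *.wants/, not regular files.
unit_manifest() {
    dir=$1
    ( cd "$dir" || exit 1
      find . \( -type f -o -type l \) | LC_ALL=C sort | while IFS= read -r p; do
          if [ -L "$p" ]; then
              printf 'link:%s\t%s\n' "$(readlink "$p")" "$p"
          else
              printf '%s\t%s\n' "$(sha256sum < "$p" | cut -d' ' -f1)" "$p"
          fi
      done )
}

# Compare DIR with a saved manifest. Prints ADDED/CHANGED/REMOVED lines and
# returns 1 on any difference, 0 when the directory matches the baseline.
unit_audit() {
    dir=$1 baseline=$2
    current=$(mktemp) || return 2
    unit_manifest "$dir" > "$current"
    report=$(awk -F '\t' '
        FILENAME == ARGV[1] { old[$2] = $1; next }
        { seen[$2] = 1
          if (!($2 in old))       print "ADDED " $2
          else if (old[$2] != $1) print "CHANGED " $2 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$baseline" "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh unit-drift.sh baseline DIR > manifest
#        sh unit-drift.sh audit DIR manifest
case "${1:-}" in
    baseline) unit_manifest "$2" ;;
    audit)    unit_audit "$2" "$3" ;;
esac
```

systemd also loads units from other search paths such as /run/systemd/system and /usr/lib/systemd/system, so the audit is worth running over those directories too, with the manifest kept somewhere the audited host cannot rewrite.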





