One of the most dramatic hacks to 50+ servers of mine is a bitcoin miner, xmrig. It installs a service file at /etc/systemd/system, enables it and kills the machine. Nobody knows how it propagates. I think that SSHD has been broken in a foreign land or they just brute-force any machine where passwordautorization=yes. The point is, for this list, how can I prevent systemd from adding ANY new service at all. I am thinking to add chattr +i to /etc/systemd/system, but want to know if this makes any sense or if there is a better way to do this. Philip
_______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
