Saint Michael wrote:
> I compiled the latest version, 8.1, inside CentOS 7.9, and to my dismay,
> there was no support for libwrap

Be aware that many Linux distributions make changes to the upstream release as part of their packages. It's wise to consider whether that's actually in one's interest on a case-by-case basis.

If "recent" distribution OpenSSH packages support libwrap then that's such a modification, made by the distribution.

> I didn't find service definitions for Systemd. Where can I find them?

systemd integration in OpenSSH, which Red Hat (the company) distributes plenty of, is another such modification by the distribution.

If you look closer into this you'll find that few distributions actually make independent, informed decisions - herd mentality is strong.

Upstream OpenSSH doesn't support systemd at all at the moment, and thus also doesn't distribute unit files.

Running upstream sshd under systemd works anyway, but you can run into problems if you expect everything that systemd provides to work according to the systemd model - it will not, potentially leaving the system without a running sshd.

> How do I overcome these obstacles?

As far as I know there exists no sensible sshd+systemd integration.

Red Hat (the company) distributes an sshd that depends on libsystemd.so, which I find a horrible idea. I think Debian (thus also Ubuntu) have followed along and use the same patches.

I've written and proposed a small standalone sd_notify() implementation to be used instead of libsystemd.so, but I don't think anyone uses it.

Personally I wouldn't mind upstream OpenSSH supporting systemd Type=notify but I expect nothing.

> we should keep libwrap baked into openssh, even as optional.

I don't think upstream OpenSSH will support it.

Like others I recommend that you place useful firewall rules on every system and monitor that they are in effect.

Oh, and don't assume that the visible Bitcoin miner is the only thing that was installed on your compromised servers; boot from CD and take a closer look.

Kind regards

//Peter