One of the most dramatic hacks to 50+ servers of mine is a bitcoin miner, xmrig. It installs a service file at /etc/systemd/system, enables it and kills the machine.
Nobody knows how it propagates. I think that SSHD has been broken in a foreign land or they just brute-force any machine where passwordautorization=yes.
The point is, for this list, how can I prevent systemd from adding ANY new service at all. I am thinking to add chattr +i to /etc/systemd/system, but want to know if this makes any sense or if there is a better way to do this.
Philip
_______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
