This is admittedly slightly off-topic but as you seem to be maintaining servers
available on the public internet, this really affects us all.
What you are asking for is the equivalent of "which brand of band-aid should I use
for whenever I get hit by a bus".
Human or bot doesn't matter - if
On Sun, Jun 13, 2021 at 09:04:04PM +0200, Marc Haber wrote:
> Hi,
>
> I am wondering where the 32 xdigit number in pathnames like
>
> systemd-private-27aa635a15cf4da0a7ebda10f25c3950-chrony.service-9DShFi/
>
> comes from. I always had the impression that it's the systemd/dbus
> machine
Hi,
I am wondering where the 32 xdigit number in pathnames like
systemd-private-27aa635a15cf4da0a7ebda10f25c3950-chrony.service-9DShFi/
comes from. I always had the impression that it's the systemd/dbus
machine id, but that does not seem to be the case. Is that just an
arbitrary random number,
The attacker is a robot trying to copy a *.service to
/etc/systemd/services. This single measure may keep me in business.
Thanks for the information.
On Sun, Jun 13, 2021 at 11:45 AM Silvio Knizek wrote:
> On Sunday, 13.06.2021 at 10:49 -0400, Saint Michael wrote:
> > This is not a human
On Sunday, 13.06.2021 at 10:49 -0400, Saint Michael wrote:
> This is not a human attacker, but a robot. My question is: if I apply
> chattr +i to $(pkg-config --variable=systemdsystemconfdir systemd),
> will the OS continue to work fine or is this nonsense?
> Philip
Systemd will work totally
This is not a human attacker, but a robot. My question is: if I apply
chattr +i to $(pkg-config --variable=systemdsystemconfdir systemd), will
the OS continue to work fine or is this nonsense?
Philip
On Sun, Jun 13, 2021 at 9:54 AM Silvio Knizek wrote:
> On Sunday, 13.06.2021 at 09:32
On Sunday, 13.06.2021 at 09:32 -0400, Saint Michael wrote:
> One of the most dramatic hacks to 50+ servers of mine is a bitcoin
> miner, xmrig. It installs a service file at /etc/systemd/system,
> enables it and kills the machine.
> Nobody knows how it propagates. I think that SSHD has been
One of the most dramatic hacks to 50+ servers of mine is a bitcoin miner,
xmrig. It installs a service file at /etc/systemd/system, enables it and
kills the machine.
Nobody knows how it propagates. I think that SSHD has been broken in a
foreign land or they just brute-force any machine where