>>> Saint Michael <[email protected]> schrieb am 13.06.2021 um 15:32 in >>> Nachricht <cac9csocydbo9e-rzhq0jvkkdeanf+drx6bfpaqoqj3yubtf...@mail.gmail.com>: > One of the most dramatic hacks to 50+ servers of mine is a bitcoin miner, > xmrig. It installs a service file at /etc/systemd/system, enables it and > kills the machine. > Nobody knows how it propagates. I think that SSHD has been broken in a > foreign land or they just brute-force any machine where > passwordautorization=yes. > The point is, for this list, how can I prevent systemd from adding ANY new > service at all. I am thinking to add chattr +i to /etc/systemd/system, but > want to know if this makes any sense or if there is a better way to do this.
The better solution would have been to pick a stronger password IMHO. > Philip _______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
