What is a service? What is a daemon? What is the init system? Units in systemd .service units in systemd How to find all the systemd units in the system? Working with a particular service Enabling or disabling log viewing Total size of the journal logs Writing your own service file Securing a service using systemd Installing verybad service Vulnerabilities in the application Directory traversal vulnerability/ the IP address Finding ARP table ping command Short note about DNS /etc/hosts /etc/resolv.conf systemd-resolved controlled name resolution resolvectl command host command dig command ss command traceroute

. . . . . . . . 45 8.4 Units in systemd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 8.5 .service units in systemd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 8.6 How to find all the systemd units in the system? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 8.7 Working with a particular service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 9 Securing a service using systemd 53 9.1 Installing verybad service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . 82 3.2 Systemd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 3.2.1 Systemd init . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 3.7 List of other monitoring command snippets under systemd . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 4.1 3 important configuration files for source of information on the Debian kernel. • bootup(7) describes the system bootup process based on systemd . (Recent Debian) • boot(7) describes the system bootup process based on UNIX System V Release 4

follow the steps to stop the attack: 1. Stop NTP service temporarily with the # systemctl stop systemd-timesyncd command. 2. Block the tainted NTP server by nftables command a. Create new firewall 213.123.55 reject } } 3. You can choose to specify another NTP server (modify /etc/systemd/timesyncd.conf) or wait for this server to finish troubleshooting 4. Remember to flush the rule service SSH Server systemd-journal-flush.service Flush journal to persistent storage systemd-journald.service Journal service systemd-logind.service User login management systemd-modules-load.service

smbd restart $ sudo service smbd status ● smbd.service - Samba SMB Daemon Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: ena Active: active (running) since Tue 2020-02-04 /usr/sbin/smbd --foreground --no-process-group Feb 04 15:17:12 host systemd[1]: Starting Samba SMB Daemon… Feb 04 15:17:12 host systemd[1]: Started Samba SMB Daemon. • Test Samba share: ubuntu@host:~$ /run/net-*.conf /run/net6 -*.conf ¬ 594.766372| /dev/loop3: Can't open blockdev ¬ 595.610434| systemd¬1|: multi-user.target: Job getty.target/start deleted to break ordering cycle starting with multi-user

root=/dev/ mapper/VividS--vg-root ro debug break=init console=ttyS0,115200 irqpoll maxcpus=1 nousb systemd.unit=kdump-tools.service" --initrd=/var/lib/kdump/initrd.img /var/lib/kdump/vmlinuz 6.6 entries manually, or re-boot which should also cause /etc/resolv.conf, which is a symlink to /run/systemd/resolve/stub-resolv.conf, to be re-written. 1.2.2. Dynamic IP Address Assignment (DHCP Client) changed via DCHP client hooks. Systemd-resolved handles name server configuration, and it should be interacted with through the systemd-resolve command. Netplan configures systemd-resolved to generate a list

container run time. Audit: /bin/sh -c 'if test -e /etc/systemd/system/kubelet.service.d/ 10-kubeadm.conf; then stat -c permissions=%a /etc/systemd/ system/kubelet.service.d/10-kubeadm.conf; fi' 4.1 at container run time. Audit: /bin/sh -c 'if test -e /etc/systemd/system/kubelet.service.d/ 10-kubeadm.conf; then stat -c %U:%G /etc/systemd/system/ kubelet.service.d/10-kubeadm.conf; fi' 4.1.3 If authentication: anonymous: enabled to false. If using executable arguments, edit the kubelet service file /etc/systemd/system/ kubelet.service.d/10-kubeadm.conf on each worker node and set the below parameter in KUB

you're running systemd-resolved on Ubuntu, ensure that /etc/resolv.conf is linked to /run/systemd/resolve/resolv.conf, and not to /run/systemd/resolve/stub- resolv.conf. ln -svf /run/systemd/resolve/resolv /etc/resolv.conf ls -l /etc/resolv.conf lrwxrwxrwx 1 root root 32 May 23 19:15 /etc/resolv.conf -> /run/systemd/resolve/ resolv.conf https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/ make sure it's correct. For example, in a Ubuntu system running systemd resolved, check that /etc/resolv.conf is linked to /run/systemd/resolve/resolv.conf as described in step 3 in "Before You Install"

anonymous: enabled to false. If using executable arguments, edit the kubelet service file /etc/systemd/system/ kubelet.service.d/10-kubeadm.conf on each worker node and set the below parameter in K authorization: mode to Webhook. If using executable arguments, edit the kubelet service file /etc/systemd/system/kubelet.service.d/10- kubeadm.conf on each worker node and set the below parameter in KU location of the client CA file. If using command line arguments, edit the kubelet service file /etc/ systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the below parameter in KUBELET_AUTHZ_ARGS

anonymous: enabled to false. If using executable arguments, edit the kubelet service file /etc/systemd/system/ kubelet.service.d/10-kubeadm.conf on each worker node and set the below parameter in K authorization: mode to Webhook. If using executable arguments, edit the kubelet service file /etc/systemd/system/kubelet.service.d/10- kubeadm.conf on each worker node and set the below parameter in KU location of the client CA file. If using command line arguments, edit the kubelet service file /etc/ systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the below parameter in KUBELET_AUTHZ_ARGS