Topic: Systemd...exactly what some of us were afraid of

Re: Systemd...exactly what some of us were afraid of

Reply #15


When I have 400+ systems in banks where banking regulations REQUIRE it as part of the banking regulation to prevent money laundering

As well as use cases in Nuclear Reactors, Military Vehicles, Aircraft, City and State government departments of various types and kinds, including jails .... etc etc etc

And these edge cases are all using Linux and need kernel-level logging? How did they work before the kernel introduced eBPF? I bet Nuclear Reactor folks take a stock kernel and use eBPF off the shelf.

As installed Kernel modules - piece of cake for the knowing... although it can be done in user space as well
https://sourceforge.net/projects/linuxkernelkeyl/
https://github.com/jarun/spy
https://medium.com/@emanuele.santini.88/developing-a-linux-kernel-module-keylogger-6c3922d72f9d

https://www.ieee-security.org/TC/SPW2012/proceedings/4740a097.pdf
© 2012, Jesus Navarro. Under license to IEEE. DOI 10.1109/SPW.2012.22


It is a STANDARD academic project in many security classes.
https://linuxsecurity.com/features/complete-guide-to-keylogging-in-linux-part-1
https://sourceforge.net/directory/keyloggers/linux/

https://security.stackexchange.com/questions/55695/detecting-unknown-keyloggers
https://jise.iis.sinica.edu.tw/JISESearch/fullText?pId=2013&code=B26F99659E41E67 (2017)

https://link.springer.com/article/10.1007/s10664-022-10136-3

https://ieeexplore.ieee.org/abstract/document/6227691/ (2012)
https://books.google.com/books?hl=en&lr=&id=0YUoEQAAQBAJ&oi=fnd&pg=PA107&dq=linux+kernel+level+%22key+logger%22&ots=f5aXzoP7_3&sig=NUWiRWsqDYDjd-lasOsBCb5Ya-c#v=onepage&q&f=false
https://oeilresearch.com/wp-content/uploads/2024/09/4-OEIL-12.pdf

https://link.springer.com/chapter/10.1007/978-3-031-72559-3_16

https://ieeexplore.ieee.org/abstract/document/9098980/
https://ieeexplore.ieee.org/abstract/document/6703691


https://www.magonlinelibrary.com/doi/abs/10.1016/S1353-4858%2820%2930021-0

And as I wrote the first time, it is not necessary to write it on the kernel level. It is very very hard to prevent and as of now, there is no known means to stop a keylogger from being written on the kernel level or in user space.


Writing Kernel modules and installing them - even on running systems
There are books on this => https://www.google.com/books/edition/The_Linux_Kernel_Module_Programming_Guid/UemYQQAACAAJ?hl=en
https://sysprog21.github.io/lkmpg/

https://www.google.com/books/edition/Linux_Kernel_Programming/-rTExQEACAAJ?hl=en
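The post above argues that a hand-installed kernel module is easy to load and hard to prevent. The defender's counterpart is to at least notice one: the kernel records an out-of-tree module with taint flag O and an unsigned one with flag E, and both appear in parentheses at the end of that module's line in /proc/modules. The script below is an added example written for this page, not code from the thread or from any of the linked projects; the module lines it runs on are constructed samples, and the module name sample_oot is invented.

```shell
#!/bin/sh
# Added example (not from the thread): list loaded kernel modules that the
# kernel marked out-of-tree (O) or unsigned (E). Both flags are what a module
# installed by hand outside the distribution's packaging would normally carry.
#
# /proc/modules line format assumed here:
#   name size refcount deps state address [(taint flags)]

# Read /proc/modules text on stdin; print "name (flags)" for every module whose
# taint flags include O or E. Untainted modules have no trailing parenthesised
# field, so the last field is their address and never matches.
tainted_modules() {
    awk '$NF ~ /^\(.*[OE].*\)$/ { print $1, $NF }'
}

# Constructed sample in /proc/modules format (not captured from a real host).
# sample_oot is an invented module name standing in for an unknown module.
SAMPLE_MODULES='ext4 897024 1 - Live 0x0000000000000000
crc32c_intel 24576 2 - Live 0x0000000000000000
vboxdrv 528384 1 vboxnetadp,vboxnetflt, Live 0x0000000000000000 (OE)
sample_oot 16384 0 - Live 0x0000000000000000 (OE)
nvidia 40960000 12 nvidia_modeset, Live 0x0000000000000000 (POE)'

# Run the check on the constructed sample and print the flagged modules.
demo_check() {
    printf '%s\n' "$SAMPLE_MODULES" | tainted_modules
}

# Number of flagged modules in the constructed sample (3).
count_tainted() {
    printf '%s\n' "$SAMPLE_MODULES" | tainted_modules | wc -l | tr -d ' '
}

# Real-host use: tainted_modules < /proc/modules
demo_check
```

On a real host, `tainted_modules < /proc/modules` gives the list; an empty result is only meaningful if the kernel actually enforces signatures, which `/sys/module/module/parameters/sig_enforce` (value 1) and, on kernels with lockdown, `/sys/kernel/security/lockdown` will tell you. The check is deliberately limited: it reports what the kernel has already flagged and cannot see a module that hides itself from the module list, which is why the linked detection papers go further.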

Re: Systemd...exactly what some of us were afraid of

Reply #16
1000-10000 lines of code vs 1.62 million lines of code full of backdoors. Plus, systemd puts all your eggs in one basket. It's more than init. Systemd is a cancer.


Re: Systemd...exactly what some of us were afraid of

Reply #18
Absolute nothingburger. It is because systemd has a feature to block services from internet access, so obviously they need the packet filter.

Re: Systemd...exactly what some of us were afraid of

Reply #19
Absolute nothingburger. It is because systemd has a feature to block services from internet access, so obviously they need the packet filter.

What services exactly? Source where I can read more about this?

Re: Systemd...exactly what some of us were afraid of

Reply #20
Absolute nothingburger. It is because systemd has a feature to block services from internet access, so obviously they need the packet filter.

What services exactly? Source where I can read more about this?

It is in the posted thread.
https://forum.openmandriva.org/t/systemd-should-we-really-be-concerned-about-this/7548/15
https://www.ctrl.blog/entry/systemd-application-firewall.html
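The feature the two replies above refer to (#18's "block services from internet access", #20's links) is the per-unit IP filter: the `IPAddressDeny=` and `IPAddressAllow=` settings documented in systemd.resource-control(5), which systemd implements by attaching a BPF program to the unit's cgroup, hence the need for kernel packet-filter support (cgroup v2 plus BPF). The script below is an added example written for this page, not code from the thread or from the systemd project; it generates a drop-in for a placeholder unit name (myservice.service in the usage comment) and the directory argument exists only so it can be tried outside /etc first.

```shell
#!/bin/sh
# Added example (not from the thread or from systemd): generate a drop-in that
# cuts one service off from the network, allowing only loopback traffic.
# IPAddressDeny=/IPAddressAllow= are enforced by a BPF program on the unit's
# cgroup, so the host needs cgroup v2 and kernel BPF support.

# Print the drop-in text for the given unit name.
render_network_dropin() {
    unit="$1"
    cat <<EOF
# Drop-in for ${unit}: deny all IP traffic except loopback.
[Service]
IPAddressDeny=any
IPAddressAllow=localhost
# Belt and braces: no raw/packet sockets, only the address families the
# service actually needs.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
EOF
}

# Write the drop-in as <base>/<unit>.d/10-network.conf and print that path.
# base defaults to /etc/systemd/system; pass a scratch directory to try it out.
write_network_dropin() {
    unit="$1"
    base="${2:-/etc/systemd/system}"
    dir="$base/${unit}.d"
    mkdir -p "$dir"
    render_network_dropin "$unit" > "$dir/10-network.conf"
    printf '%s\n' "$dir/10-network.conf"
}

# Usage on a real host (placeholder unit name; not run here):
#   write_network_dropin myservice.service
#   systemctl daemon-reload && systemctl restart myservice.service
#   systemd-analyze security myservice.service   # reports whether an IP filter applies
```

Whether this is a "made-up problem" is the debate in the thread; what the drop-in shows is the scope of the mechanism: it is opt-in per unit, it does nothing to units that do not set it, and `systemd-analyze security` lets you see which units carry such a filter before trusting the default.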

Re: Systemd...exactly what some of us were afraid of

Reply #21

Thank you. I am not convinced; like many systemd decisions it looks like a made-up problem to justify a 'solution'. I wouldn't be comfortable having systemd decide what the correct setup is, nor trust them not to feature-creep this bit, but I am not on systemd already. That it is documented doesn't mean it makes sense, so I would be careful in declaring something a nothingburger.