Most Linux users know some systemd by now. There is systemctl stop $someservice and systemctl disable $someservice. If you think that’s all one has to know about systemd, you’re missing out on a lot of features. That’s not the story for today tho.

Some services tend to come back even when disabled and stopped. Socket services come to mind. This is e.g. the case for rpcbind starting a portmapper service on tcp/111 that can be used for a DDoS reflection attack. There are various ways to deal with this, from uninstalling it to firewalling it or masking the service. Since everybody on Linux gets to pick their own poison, I decided to use mask to make sure this can simply no longer start, without having to break dependencies by removing it or fiddle with the firewall:

systemctl stop rpcbind.service
systemctl mask rpcbind.service
Created symlink /etc/systemd/system/rpcbind.service → /dev/null.
systemctl daemon-reload

A masked service cannot even be restarted manually any more. It’s dead in the water as long as this symlink exists.
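
Since the mask is nothing more than that symlink, it can be audited straight from the filesystem, for example on an offline image. The following is an added example, not from the original post: the function names are hypothetical, and checking rpcbind.socket alongside the service is an assumption about how the distribution packages rpcbind.

```sh
#!/bin/sh
# Added example: function names are hypothetical, not part of systemd.

# mask_state DIR UNIT -> prints masked | present | absent
mask_state() {
    unit_path="$1/$2"
    if [ -L "$unit_path" ] && [ "$(readlink "$unit_path")" = "/dev/null" ]; then
        echo masked      # the symlink `systemctl mask` creates
    elif [ -f "$unit_path" ] && [ ! -s "$unit_path" ]; then
        echo masked      # systemd also treats an empty unit file as masked
    elif [ -e "$unit_path" ] || [ -L "$unit_path" ]; then
        echo present     # a real unit file here: the unit can still start
    else
        echo absent      # nothing in DIR: the vendor unit, if any, applies
    fi
}

# audit_masks DIR UNIT... -> one line per unit; returns 0 only if all are masked
audit_masks() {
    unit_dir="$1"; shift
    rc=0
    for unit in "$@"; do
        state=$(mask_state "$unit_dir" "$unit")
        printf '%-18s %s\n' "$unit" "$state"
        [ "$state" = masked ] || rc=1
    done
    return "$rc"
}

# Constructed sample tree: the service is masked, the socket unit is not.
demo() {
    tmp=$(mktemp -d)
    ln -s /dev/null "$tmp/rpcbind.service"
    printf '[Socket]\nListenStream=111\n' > "$tmp/rpcbind.socket"
    audit_masks "$tmp" rpcbind.service rpcbind.socket || echo "not everything is masked"
    rm -rf "$tmp"
}

# With arguments, audit a real directory; with none, run the constructed demo.
if [ $# -gt 0 ]; then audit_masks "$@"; else demo; fi
```

To check a live system, pass /etc/systemd/system followed by the unit names; a mask created with `systemctl mask --runtime` lives under /run/systemd/system instead.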

Read more on this from Poettering himself:

http://0pointer.de/blog/projects/three-levels-of-off
