Skip to main content

Protip: systemctl disable: disable from launching at boot time. If you want to make sure a service cannot be started at all, what you want is systemctl mask.

e.g., if the (insecure) rsync daemon could be running at the moment, these three should have you covered:

sudo systemctl stop rsync
sudo systemctl disable rsync
sudo systemctl mask rsync

(PS. Yeah, you really shouldn’t be running the rsync daemon. And you don’t need it to use rsync over ssh.)

#systemd #rsync #security

there's also disable --now which is like disable && stop

systemd systemctl tip:

enable, disable, and mask all accept "--now" to also apply the setting to the running system at the same time.

So, to mask rsync, it can be shortened to one command:

sudo systemctl mask --now rsync

this is a real thing you should be checking, some bad distros (*caugh* those with dpkg) will autostart services you should *never* run on an open network, like rpcbind