Protip: systemctl disable: disable from launching at boot time. If you want to make sure a service cannot be started at all, what you want is systemctl mask.

e.g., if the (insecure) rsync daemon could be running at the moment, these three should have you covered:

sudo systemctl stop rsync
sudo systemctl disable rsync
sudo systemctl mask rsync

(PS. Yeah, you really shouldn’t be running the rsync daemon. And you don’t need it to use rsync over ssh.)

@aral there's also disable --now which is like disable && stop

@aral also you don't really need sudo, systemctl will ask you to authenticate via PAM which may actually be nicer than sudo

@aral systemd systemctl tip:

enable, disable, and mask all accept "--now" to also apply the setting to the running system at the same time.

So, to mask rsync, it can be shortened to one command:

sudo systemctl mask --now rsync

@aral (Personally, I think systemd state and similar things, such as firewalld, shouldn't have a distinction between doing something and having it persist across reboots. It should all be in sync. Anyway…)

@aral this is a real thing you should be checking, some bad distros (*caugh* those with dpkg) will autostart services you should *never* run on an open network, like rpcbind

Sign in to participate in the conversation
Aral’s Mastodon

This is my personal Mastodon.