Mastodawn

Edit: Solved, see reply in thread

More fun with Debian 13:

On two of my machines I noticed screen erroring out, as the permissions for /run/screen are wrong.

Seems this is caused by systemd-tmpfiles services failing to start. Unfortunately the journal for all the services are not helpful, as the only unusual thing I find is this:

```
Okt 12 15:34:58 XXX systemd[1]: /lib/systemd/system/systemd-tmpfiles-setup.service:26: Unknown key 'ImportCredential' in section [Service], ignoring.
```

Funnily enough, this file comes from the systemd package, not sure why it includes ImportCredential that systemd does not understand.

Digging further...

#Debian #systemd #tmpfiles #Trixies #homelab #AdminLife

Light🐧⁂Dec 16, 2024

Yay 😂, changes happend in systemd now no longer have all those tmpfiles in the outpout "df". 🥳
I'm glad that I let those tmpfiles to just be, because it got fixed by the devs. And not only that, after I looked into the "/usr/share/doc/systemd/NEWS" file in the vary beginning under the list of "Incompatible changes" the first thing is about the "--purge" switch.

#systemd #tmpfiles #df

Show thread

Sophos X-Ops Apr 27, 2023

Post-exploitation activity targeting #PaperCut often results in #PowerShell commands being executed by the pc-app.exe parent process. We've collected logs of the affected system downloading #Atera remote monitoring software to the victim. (Atera is, of course, legitimate software, being abused by the attackers in this situation.)

Different threat groups are abusing PowerShell in different ways. One group calls PowerShell commands directly, as shown here. This particular attacker delivered a ransomware binary that was hosted on the ephemeral file host #tmpfiles (files hosted there are deleted from the server after 60 minutes):

3/6