Home / ubuntu / Questions / 1086785
Accepted
Cliff Crerar
Asked: 2018-10-25 06:51:51 +0800 CST

Strange symbols in front of suspicious services

  • 772

I have an EC2 instance running a postfix-dovecot email server. I use an AWS security key to access this EC2 and I consider the security pretty tight.

When I run: systemctl list-units --type service --all

I see these suspicious looking entries on the list:

UNIT                           LOAD      ACTIVE   SUB     DESCRIPTION
ΓùÅ auditd.service             not-found inactive dead    auditd.service
ΓùÅ connman.service            not-found inactive dead    connman.service
ΓùÅ console-screen.service     not-found inactive dead    console-screen.service
ΓùÅ display-manager.service    not-found inactive dead    display-manager.service
ΓùÅ exim4.service              not-found inactive dead    exim4.service
ΓùÅ fcoe.service               not-found inactive dead    fcoe.service
ΓùÅ iscsi-shutdown.service     not-found inactive dead    iscsi-shutdown.service

My server is running: Spamassasin, Clamav, Spamass-milter and AppArmor

My server only allows authenticated access on SSL/TLS via a domain certificate signed by a trusted certificate authority. It does not allow mail to sent from unknown domain users or unknown clients.

Open ports on my EC2 security group for any IP address:
HTTP    80
HTTPS   443
IMAP    143
IMAPS   993
SMTPS   465
SMTPS   587
MYSQL   3306

Custom services 7500,8001,8002,8003,8080,8444,8443

SSH 22 Restricted to specific IP addresses

I can see these suspicious service entries are not running. I want to please know:

  1. What does it mean?
  2. What has happened and is it malicious?
  3. How does it affect my server?
  4. What action should I take?
email postfix dovecot amazon-ec2 mail-server

2 Answers

  1. Best Answer

    Those are special characters, and for whatever reason they are not displaying properly on whatever display device you are using. On my PuTTY SSH session to my server, they show as a yellow large dot. In the Ubuntu Serverguide, we have to manually change those characters to just a period, in order to satisfy our no non ACSII characters requirement in the master English code.

    There is nothing else wrong with your system.

    • 5 
  2. ΓùÅ auditd.service             not-found inactive dead    auditd.service

    systemctl is trying to display coloured warning dots, but you have banjanxed it by not using a terminal that decodes UTF-8.

    The services themselves are not-found. This is most likely because they are dangling references from other service units, named in their dependencies or orderings, with no service unit files existing for them.

    It is not compulsory to satisfy such dangling references. Far from it.

    • 1