Goal: To identify attackers attempting to exploit vulnerabilities in the service or to gain persistence on the system.
Approach: Monitoring the fake service for any signs of interaction or modification.This element involves creating a fake systemd service that mimics a legitimate service but performs a deceptive action, such as logging login attempts, triggering alerts, or redirecting connections to a honeypot.
Attackers who attempt to interact with or modify the fake service will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to compromise the system.