On 2023-07-03 14:21, RL wrote:
Russell Coker <russ...@coker.com.au> writes:
https://wiki.debian.org/ReleaseGoals/SystemdAnalyzeSecurity
I think we should make it a release goal to have as many daemons as
possible running with systemd security features to aim for a low score
from "systemd-analyze security".
It would be great if we could get a lintian check for this.
The wiki page says, "systemd-analyze now supports working offline" (i.e.
it can operate on files in the filesystem rather than talking to systemd
about only installed services). Lack of that was previously a blocker
for such a lintian check.
This repo from Trent Buck has a lot of research -
https://github.com/cyberitsolutions/prisonpc-systemd-lockdown/tree/main/systemd/system/0-EXAMPLES
Indeed.
--
Richard