On 22/08/2022 20.10, Kenton Groombridge wrote:
Hi everyone,I noticed that there are many systemd units which are shipped by various packages which could be hardened, some further than they are currently and some that could use some hardening in general.
Yes, please. Nevertheless, as others have already pointed out, this is an upstream issue and should be treated as such. That is, please feel encouraged and encourage others to submit patches upstream that adds hardening measurements to their systemd units. I usually find
https://ruderich.org/simon/notes/systemd-service-hardening a good starting point when I want to harden a service.By addressing this upstream, everyone benefits, and potential issues caused by the hardening measurements are fixed faster (as they affect a more extensive user base).
- Flow
OpenPGP_0x8CAC2A9678548E35.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature