Harden systemd services #16
Labels
compat: backwards
Represents a backwards compatible change. Existing functionality is wholly unaffected by changes.
priority: low
Non-essential issues that are neither affecting functionality nor usability.
type: feature/addition
Marks the request/implementation of a feature addition. Accompany with relevant labels.
type: feature/improvement
Marks the request/implementation of a feature improvement. Accompany with relevant labels.
Comments
Frontear
added
the
priority: low
Frontear
added
type: feature/improvement
|
This is an exceptional resource for this: https://linux-audit.com/systemd/how-to-harden-a-systemd-service-unit/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a fairly complex task as it requires fairly exhaustive testing to ensure nothings broken. There's a cool tool call https://github.com/desbma/shh, but I couldn't get it to work correctly on NixOS last time I tried, despite having packaged it. It may be worth attempting again to help out in the process.
Services should be hardened with the end-goal of being merged upstream into Nixpkgs. This will require extensive testing to ensure nothing breaks, and it may or may not be possible, hence this can be considered more of an idealistic goal rather than an absolute one.
The text was updated successfully, but these errors were encountered: