Re: systmd-analyze security as a release goal

To: debian-devel@lists.debian.org
Subject: Re: systmd-analyze security as a release goal
From: RL <richard.lewis.debian@googlemail.com>
Date: Mon, 03 Jul 2023 20:21:20 +0100
Message-id: <[🔎] 86jzvg6btb.fsf@simplex.rtf.org.uk>
Mail-followup-to: debian-devel@lists.debian.org
References: <[🔎] 13735258.RDIVbhacDa@cupcakke>

Russell Coker <russell@coker.com.au> writes:

> https://wiki.debian.org/ReleaseGoals/SystemdAnalyzeSecurity
>
> I think we should make it a release goal to have as many daemons as
> possible running with systemd security features to aim for a low score
> from "systmd- analyze security".


This repos from Trent Buck has a lot of research -
https://github.com/cyberitsolutions/prisonpc-systemd-lockdown/tree/main/systemd/system/0-EXAMPLES

(One of the issues for services that send email is that it is very
easy to break exim)

Reply to:

Follow-Ups:
- Re: systmd-analyze security as a release goal
  - From: Richard Laager <rlaager@wiktel.com>
- Re: systmd-analyze security as a release goal
  - From: Simon McVittie <smcv@debian.org>
- Re: systmd-analyze security as a release goal
  - From: Marco d'Itri <md@Linux.IT>
- Re: systemd-analyze security as a release goal
  - From: "Trent W. Buck" <trentbuck@gmail.com>

References:
- systmd-analyze security as a release goal
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Bug#1040235: ITP: golang-github-xhit-go-str2duration -- Convert string to duration in golang
Next by Date: Re: systmd-analyze security as a release goal
Previous by thread: Re: systmd-analyze security as a release goal
Next by thread: Re: systmd-analyze security as a release goal
Index(es):
- Date
- Thread