Re: systmd-analyze security as a release goal

To: debian-devel@lists.debian.org
Subject: Re: systmd-analyze security as a release goal
From: Richard Laager <rlaager@wiktel.com>
Date: Mon, 3 Jul 2023 15:41:30 -0500
Message-id: <[🔎] 67820386-a724-9ce0-51db-ddacd10d6b11@wiktel.com>
In-reply-to: <[🔎] 86jzvg6btb.fsf@simplex.rtf.org.uk>
References: <[🔎] 13735258.RDIVbhacDa@cupcakke> <[🔎] 86jzvg6btb.fsf@simplex.rtf.org.uk>

On 2023-07-03 14:21, RL wrote:

Russell Coker <russell@coker.com.au> writes:

https://wiki.debian.org/ReleaseGoals/SystemdAnalyzeSecurity

I think we should make it a release goal to have as many daemons as
possible running with systemd security features to aim for a low score
from "systmd- analyze security".


It would be great if we could get a lintian check for this.

The wiki page says, "systemd-analyze now supports working offline" (i.e.it can operate on files in the filesystem rather than talking to systemdabout only installed services). Lack of that was previously a blockerfor such a lintian check.

This repos from Trent Buck has a lot of research -
https://github.com/cyberitsolutions/prisonpc-systemd-lockdown/tree/main/systemd/system/0-EXAMPLES


Indeed.

--
Richard

Reply to:

References:
- systmd-analyze security as a release goal
  - From: Russell Coker <russell@coker.com.au>
- Re: systmd-analyze security as a release goal
  - From: RL <richard.lewis.debian@googlemail.com>

Prev by Date: Re: systmd-analyze security as a release goal
Next by Date: Re: systmd-analyze security as a release goal
Previous by thread: Re: systmd-analyze security as a release goal
Next by thread: Re: systmd-analyze security as a release goal
Index(es):
- Date
- Thread