Am 11.10.23 um 13:41 schrieb Michael Biebl:
Am 11.10.23 um 12:54 schrieb Sam Morris:On 10/10/2023 19:22, Michael Biebl wrote:I intend to lock down rsyslog.service in Debian in one of the next uploads using the following systemd directivesHave you considered NoNewPrivileges=yes?This is turned in implicitly by some of the other options (e.g,. PrivateDevices=yes) but only if running without CAP_SYS_ADMIN, so for it to be effective you'd have to set it explicitly.Thanks. Will add it. ProtectControlGroups=yes ProtectHostname=yes are probably safe as well. So will add them too.
I uploaded those changes in rsyslog_8.2310.0-1 Please let me know, if you run into any issues. Thanks everyone who provided feedback so far. Michael
Description: OpenPGP digital signature