Bug#1080020: RFP: shh -- Automatic systemd service hardening guided by strace profiling
Package: wnpp
Severity: wishlist
X-Debbugs-Cc: vilmar@debian.org
* Package name : shh
Version : 2024.6.4
Upstream Contact: Maxime Desbrus <maxime.desbrus@synacktiv.com>
* URL : https://github.com/desbma/shh
* License : GPL-3
Programming Lang: Rust
Description : Automatic systemd service hardening guided by strace profiling
Systemd Hardening Helper (SHH), a tool to automatically build a
set of hardening options for a service using runtime profiling.
.
The goal of SHH is to automatically generate a set of optimal
hardening options for a given service. To do that, SHH must run
on the same system as the service, as it relies on runtime
profiling. By running the service in normal conditions, we can
build a profile of what the program does, which we can use to
know what it does not do, and build a hardening configuration
to prevent it from doing so, by the principle of least
privilege.
I tried to package it, but I ran into a missing build dependency
(librust-function-name-dev) that's not in the Debian archive yet.
You can find librust-function-name-dev at https://github.com/danielhenrymantilla/rust-function_name
If you're interested in packaging shh, feel free to build on the
work done so far, available at https://salsa.debian.org/vilmar/shh
It might be a great idea to keep shh under the pkg-security team’s umbrella!
Regards,
--
Francisco Vilmar Cardoso Ruviaro <vilmar@debian.org>
4096R: 1B8C F656 EF3B 8447 2F48 F0E7 82FB F706 0B2F 7D00
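To illustrate the approach the description outlines (profile a service's syscalls, then forbid what it was never seen doing), here is an added, simplified example that is not shh's own code: it parses a constructed strace -f excerpt and derives a few systemd hardening options from it. The service name, paths and the three rules are assumptions for the illustration; only code paths exercised during profiling are covered, which is why the description insists on running the service in normal conditions.

```python
import os
import re

# Constructed strace -f excerpt (not a real trace): the profiled service reads
# its config, writes state and a log under /var, and never opens a socket or /home.
SAMPLE_TRACE = """\
1234  openat(AT_FDCWD, "/etc/myservice/config.toml", O_RDONLY|O_CLOEXEC) = 3
1234  openat(AT_FDCWD, "/var/lib/myservice/state.db", O_RDWR|O_CREAT, 0600) = 4
1234  write(4, "state", 5) = 5
1234  openat(AT_FDCWD, "/var/log/myservice/app.log", O_WRONLY|O_APPEND) = 5
1234  close(5) = 0
"""

# One complete line "<pid>  <syscall>(<args>) = <ret>"; unfinished/resumed lines
# from interleaved threads are skipped by this simplified parser.
LINE_RE = re.compile(r'^\d+\s+(?P<name>\w+)\((?P<args>.*)\)\s+=\s+\S+')
PATH_RE = re.compile(r'"([^"]*)"')


def profile(trace):
    """Return (syscalls seen, paths opened, paths opened for writing)."""
    names, paths, writes = set(), set(), set()
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        name, args = m.group('name'), m.group('args')
        names.add(name)
        if name in ('open', 'openat'):
            quoted = PATH_RE.findall(args)   # first quoted argument is the path
            if quoted:
                paths.add(quoted[0])
                # O_RDONLY is 0, so write intent only shows as O_WRONLY / O_RDWR.
                if re.search(r'O_WRONLY|O_RDWR', args):
                    writes.add(quoted[0])
    return names, paths, writes


def hardening_options(trace):
    """Least privilege: forbid each capability the profile never showed in use."""
    names, paths, writes = profile(trace)
    opts = []
    if not names & {'socket', 'connect', 'bind'}:
        opts.append('PrivateNetwork=yes')
    if not any(p.startswith(('/home/', '/root/')) for p in paths):
        opts.append('ProtectHome=yes')
    if not any(w.startswith(('/usr/', '/etc/', '/boot/')) for w in writes):
        opts.append('ProtectSystem=strict')        # whole tree read-only ...
        rw_dirs = sorted({os.path.dirname(w) for w in writes})
        if rw_dirs:                                # ... except the dirs it wrote to
            opts.append('ReadWritePaths=' + ' '.join(rw_dirs))
    return opts
```

Running `hardening_options(SAMPLE_TRACE)` yields the lines of a `[Service]` drop-in; a trace containing a `socket()` call drops `PrivateNetwork=yes` again.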