Harden services with systemd

A Hard Nut to Crack

Article from ADMIN 67/2022
Systemd comes with a metric for determining the security of your system, letting you track how any service can be secured step-by-step in a sandbox.

One of the most important goals in the development of systemd is securing Linux. Of course, you can only improve what can be measured, which is why Galileo Galilei advised: "Measure what is measurable, and make measurable what is not." Following this maxim, systemd now makes system security under Linux measurable and improvable.

More specifically, it is the systemd-analyze security command that allows this measurement. When executed, it returns a table like that shown in Figure 1, listing each service managed by systemd (UNIT); a numerical value for the degree of protection (EXPOSURE, where 10 is both the highest and worst value); a verbal translation of this value (PREDICATE); and another version of the rating (HAPPY) in the form of an emoji.

Figure 1: Tabular rating of services by security aspects.

Additionally, systemd-analyze can reveal how it arrives at its assessment: To see this, start it with the name of a service unit. As shown in Figure 2, it lists all the factors that have been checked, along with a checkmark for passed or an X for failed.
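
As an added example (not part of the original article), the following shell function filters the overview table described above and lists the units at or above a chosen EXPOSURE value, worst first, so they can be examined one by one. The function names, the 7.0 threshold in the usage comment, and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Triage helper for the table printed by `systemd-analyze security`.
# Reads the table on stdin and prints "EXPOSURE UNIT PREDICATE" for each
# unit whose exposure is at or above the given threshold, worst first.

# exposed_units THRESHOLD   (hypothetical helper name)
exposed_units() {
    awk -v min="$1" '
        # Data rows have a numeric second column; the header row
        # (UNIT EXPOSURE PREDICATE HAPPY) and blank lines do not match.
        NF >= 3 && $2 ~ /^[0-9]+(\.[0-9]+)?$/ && ($2 + 0) >= (min + 0) {
            printf "%.1f %s %s\n", $2, $1, $3
        }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample in the four-column layout the article describes.
# The values are illustrative, not measurements from a real host.
sample_table() {
    cat <<'EOF'
UNIT                      EXPOSURE PREDICATE HAPPY
cron.service                   9.6 UNSAFE    😨
nginx.service                  7.5 EXPOSED   🙁
systemd-journald.service       4.3 OK        🙂
systemd-resolved.service       2.1 OK        🙂
EOF
}

# Offline demonstration:
#   sample_table | exposed_units 7.0
# On a live system, then inspect each listed unit by name:
#   systemd-analyze security --no-pager | exposed_units 7.0
#   systemd-analyze security --no-pager cron.service
```
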

...