#+title: Systemd security tool

=sst= is a command-line tool that gives administrators a quick way to edit systemd unit files and apply hardening settings.

* Purpose
systemd has a great many security options, from namespace specifiers to syscall filters to pathname blockers.
Remembering all of these is difficult, and applying hardening settings can be a time-consuming process.

=sst= aims to fix that by providing a tool with built-in libraries of configurations
and an easy-to-use command-line interface.
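To show the three kinds of option named above side by side, here is a hardening drop-in for an Nginx unit. It is an added example, not configuration taken from or generated by =sst=; the file path, unit name and writable directories are assumptions that vary by distribution.

```ini
# /etc/systemd/system/nginx.service.d/hardening.conf  (assumed path and unit name)
[Service]
# Namespace options: give the service a private, restricted view of the system
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictNamespaces=yes

# Syscall filter: allow only the set typical services need, native ABI only
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM

# Pathname restrictions: the whole file system is read-only except the
# directories listed in ReadWritePaths (assumed Nginx log, state and pid locations)
ProtectSystem=strict
ReadWritePaths=/var/log/nginx /var/lib/nginx /run
# The leading "-" means the path is ignored if it does not exist
InaccessiblePaths=-/boot
```

After =systemctl daemon-reload= and a restart of the unit, =systemd-analyze security nginx.service= reports which of these settings are in effect and what exposure remains.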
* Features
- [X] Edit systemd files from the command-line
- [X] =-b= backup flag to save .systemd files into LOCATION.
- [X] =-s= security flag to apply quick configurations
- [ ] =-S= security flag for extreme security.
- [ ] =-n= security flag to block network reconfig
- [ ] Default configurations for common services
- [ ] Automatic Apache and Nginx =READWRITEPATHS= detection

[[file:.assets/lisplogo_128.png]]

* Building
The makefile is set up for Steel Bank Common Lisp (SBCL), but it should be trivial to use another implementation that loads =asdf=.
As of [2023-12-20] I have not knowingly used any SBCL-specific features.

=build.lisp= uses =quicklisp= to load the system, which means =sst.asd= must be in a directory that =asdf= searches.
The easiest way to achieve this is to clone this repository into =/home/username/common-lisp/sst/=.
Then run src_sh{make}.