#+title: Systemd security tool =sst= is a command-line tool that empowers administrators with quick editing capabilities. * Purpose Systemd has a great deal of security options, from namespace specifiers to syscall filters to pathname blockers. Remembering all of these is difficult, and it can be a time-consuming process to apply hardening settings. =sst= aims to fix that by providing a tool with built-in libraries of configurations, and an easy-to-use command-line interface. * Features - [X] Edit systemd files from the command-line - [X] =-b= backup flag to save .systemd files into LOCATION. - [ ] =-s= security flag to apply quick configurations - [ ] Default configurations for common services - [ ] Automatic Apache and Nginx =READWRITEPATHS= detection * Building The makefile is set up for steel bank common lisp, but it should be trivial to use another implementation that loads =asdf=. As of [2023-12-20] I have not knowingly used any sbcl-specific features. =build.lisp= uses =quicklisp= to load the system, which means =sst.asd= must be in a directory that =asdf= will check in. The easiest way to achieve this is to clone this repository into =/home/username/common-lisp/sst/=. Then run src_sh{make}.