|
|
||
|---|---|---|
| .assets | ||
| lib | ||
| src | ||
| test | ||
| build.lisp | ||
| LICENSE | ||
| Makefile | ||
| packages.lisp | ||
| README.org | ||
| sst | ||
| sst.asd | ||
Systemd security tool
sst is a command-line tool that empowers administrators with quick editing capabilities.
Purpose
Systemd has a great deal of security options, from namespace specifiers to syscall filters to pathname blockers. Remembering all of these is difficult, and it can be a time-consuming process to apply hardening settings.
sst aims to fix that by providing a tool with built-in libraries of configurations,
and an easy-to-use command-line interface.
Features
- Edit systemd files from the command-line
-bbackup flag to save .systemd files into LOCATION.-ssecurity flag to apply quick configurations-Ssecurity flag for extreme security.-nsecurity flag to block network reconfig- Default configurations for common services
- Automatic Apache and Nginx
READWRITEPATHSdetection
Building
The makefile is set up for steel bank common lisp, but it should be trivial to use another implementation that loads asdf.
As of [2023-12-20] I have not knowingly used any sbcl-specific features.
build.lisp uses quicklisp to load the system, which means sst.asd must be in a directory that asdf will check in.
The easiest way to achieve this is to clone this repository into /home/username/common-lisp/sst/.
Then run
make