sst/README.org
J S 5147330bc6
feat[build,docs] Added makefile and documentation.
Added a license (GPLv3)
Added a Makefile for easier building
Added a Readme
2023-12-20 10:00:08 -05:00

1.2 KiB

Systemd security tool

sst is a command-line tool that empowers administrators with quick editing capabilities.

Purpose

Systemd has a great deal of security options, from namespace specifiers to syscall filters to pathname blockers. Remembering all of these is difficult, and it can be a time-consuming process to apply hardening settings.

sst aims to fix that by providing a tool with built-in libraries of configurations, and an easy-to-use command-line interface.

Features

  • Edit systemd files from the command-line
  • -b backup flag to save .systemd files into LOCATION.
  • -s security flag to apply quick configurations
  • Default configurations for common services
  • Automatic Apache and Nginx READWRITEPATHS detection

Building

The makefile is set up for steel bank common lisp, but it should be trivial to use another implementation that loads asdf. As of [2023-12-20] I have not knowingly used any sbcl-specific features.

build.lisp uses quicklisp to load the system, which means sst.asd must be in a directory that asdf will check in. The easiest way to achieve this is to clone this repository into /home/username/common-lisp/sst/. Then run

make
.