judahsotomayor/sst
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
80782250e7
sst/README.org
J S 80782250e7
fixed image link (hopefully)
2023-12-20 13:12:51 -05:00

1.3 KiB
Raw Blame History

Systemd security tool

sst is a command-line tool that empowers administrators with quick editing capabilities.

Purpose

Systemd has a great deal of security options, from namespace specifiers to syscall filters to pathname blockers. Remembering all of these is difficult, and it can be a time-consuming process to apply hardening settings.

sst aims to fix that by providing a tool with built-in libraries of configurations, and an easy-to-use command-line interface.

Features

  • Edit systemd files from the command-line
  • -b backup flag to save .systemd files into LOCATION.
  • -s security flag to apply quick configurations
  • -S security flag for extreme security.
  • -n security flag to block network reconfig
  • Default configurations for common services
  • Automatic Apache and Nginx READWRITEPATHS detection

/judahsotomayor/sst/media/commit/80782250e7ba983ad787186be2a15634ca6d3ee7/.assets/lisplogo_128.png

Building

The makefile is set up for steel bank common lisp, but it should be trivial to use another implementation that loads asdf. As of [2023-12-20] I have not knowingly used any sbcl-specific features.

build.lisp uses quicklisp to load the system, which means sst.asd must be in a directory that asdf will check in. The easiest way to achieve this is to clone this repository into /home/username/common-lisp/sst/. Then run 

make
.