Go to file

J S 99aa9bb433 feat[flags] Added backup functionality		2023-12-20 12:01:08 -05:00
src	feat[flags] Added backup functionality	2023-12-20 12:01:08 -05:00
test	feat[flags] Added backup functionality	2023-12-20 12:01:08 -05:00
build.lisp	feat[license] Added gpl boilerplate	2023-12-20 10:02:13 -05:00
LICENSE	feat[build,docs] Added makefile and documentation.	2023-12-20 10:00:08 -05:00
Makefile	feat[build,docs] Added makefile and documentation.	2023-12-20 10:00:08 -05:00
packages.lisp	feat[license] Added gpl boilerplate	2023-12-20 10:02:13 -05:00
README.org	feat[build,docs] Added makefile and documentation.	2023-12-20 10:00:08 -05:00
sst	feat[flags] Added backup functionality	2023-12-20 12:01:08 -05:00
sst.asd	feat[license] Added gpl boilerplate	2023-12-20 10:02:13 -05:00

README.org

Systemd security tool

Purpose
Features
Building

sst is a command-line tool that empowers administrators with quick editing capabilities.

Purpose

Systemd has a great deal of security options, from namespace specifiers to syscall filters to pathname blockers. Remembering all of these is difficult, and it can be a time-consuming process to apply hardening settings.

sst aims to fix that by providing a tool with built-in libraries of configurations, and an easy-to-use command-line interface.

Features

Edit systemd files from the command-line
-b backup flag to save .systemd files into LOCATION.
-s security flag to apply quick configurations
Default configurations for common services
Automatic Apache and Nginx READWRITEPATHS detection

Building

The makefile is set up for steel bank common lisp, but it should be trivial to use another implementation that loads asdf. As of [2023-12-20] I have not knowingly used any sbcl-specific features.

build.lisp uses quicklisp to load the system, which means sst.asd must be in a directory that asdf will check in. The easiest way to achieve this is to clone this repository into /home/username/common-lisp/sst/. Then run

make