]> _ Git - hardening-scripts.git/commit
projects / hardening-scripts.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 46b5e5e) | patch
sandbox: Improve systemd template overrides
authormivirl <>
Sun, 26 May 2024 05:05:45 +0000 (00:05 -0500)
committermivirl <>
Sun, 26 May 2024 05:05:45 +0000 (00:05 -0500)
commit152c6c05e252cabda860227fb88aaacc4dae6e2b
tree9bf1d63e0d8b480a718e073dd06f0f21edff7fe3tree | snapshot
parent46b5e5e5948fecca8de532c56c794638fd87fb69commit | diff
sandbox: Improve systemd template overrides

Improved templates to make breakage less likely and rely less on
newer systemd features to provide security. Tested with v239 as the
earliest version, but should still work with earlier versions as well.

Exposure levels from `systemd-analyze security` on v252 (scale is
from 0-10 with lower being more secure)
- nginx: 2.3 OK
- apache2: 2.2 OK
linux.sh diff | blob | history
profiles/apache2-override.conf diff | blob | history
profiles/generic-override.conf diff | blob | history
profiles/httpd-override.conf [deleted file] blob | history
profiles/nginx-override.conf diff | blob | history
Blue team scripts for hardening machines