Added bug reports for auditd, udisks2, dictd, and memlockd
add suggestion for using usertags
|Deletions are marked like this.||Additions are marked like this.|
|Line 9:||Line 9:|
/!\ ToDo: use usertags to list bugs instead of manually editing the wiki.
Use systemd-analyze security to improve system security
The initial goal is to have every system service apart from login services (which need to support root logins or sudo from user logins) score MEDIUM or better in the output of "systemd-analyze security" for all common installations. This means all daemons used as part of a typical laptop installation and all the common server programs that are considered as part of a "LAMP" stack as well as common servers such as dhcp and samba that are often used.
Any service that can't meet these aims should have a document describing why it's not possible and ways of implementing work arounds to give good system security in spite of this.
Current Bug Reports
ToDo: use usertags to list bugs instead of manually editing the wiki.
network-manager bug #1032326 (needs upstream work)
wpasupplicant bug #1032233
auditd bug #1032327
udisks2 bug #1040203
dictd bug #1032331
memlockd bug #1040204
How to help
- Add yourself to the Advocates or Volunteers section as appropriate
- Test services on your systems and devise ways of improving the systemd security settings. You can run "systemctl edit whatever.service" to put in an override for a daemon and restart it to see if it works
- File bug reports suggesting changes that you have found to work and determined are likely to work for others
- Join the work in upstream projects, for some Debian packages like network-manager these changes won't be accepted unless accepted upstream
- All daemons, especially ones that run as root.
- Potentially programs run by "systemd --user" or maybe we should have a separate goal for that.
Debian Security Advisories: http://lists.debian.org/debian-security-announce/