systemd - Security overview of systemd services
systemd enables services to run with a whole suite of hardening and sandboxing features from the Linux kernel.
The Linux kernel can filter and limit access to file systems, networks, devices, kernel capabilities and system calls (syscalls), and more.
Check current security
systemd-analyze security
returns:
UNIT                                  EXPOSURE PREDICATE HAPPY
ModemManager.service                       5.8 MEDIUM    😐
NetworkManager.service                     7.8 EXPOSED   🙁
accounts-daemon.service                    9.6 UNSAFE    😨
acpid.service                              9.6 UNSAFE    😨
alsa-state.service                         9.6 UNSAFE    😨
anacron.service                            9.6 UNSAFE    😨
apache2.service                            9.2 UNSAFE    😨
apport.service                             9.6 UNSAFE    😨
avahi-daemon.service                       9.6 UNSAFE    😨
bluetooth.service                          6.8 MEDIUM    😐
colord.service                             8.8 EXPOSED   🙁
cron.service                               9.6 UNSAFE    😨
cups-browsed.service                       9.6 UNSAFE    😨
cups.service                               9.6 UNSAFE    😨
dbus.service                               9.6 UNSAFE    😨
dm-event.service                           9.5 UNSAFE    😨
dmesg.service                              9.6 UNSAFE    😨
emergency.service                          9.5 UNSAFE    😨
expressvpn.service                         9.6 UNSAFE    😨
gdm.service                                9.8 UNSAFE    😨
geoclue.service                            7.4 MEDIUM    😐
getty@tty1.service                         9.6 UNSAFE    😨
grub-common.service                        9.6 UNSAFE    😨
hddtemp.service                            9.6 UNSAFE    😨
irqbalance.service                         6.1 MEDIUM    😐
kerneloops.service                         9.2 UNSAFE    😨
libvirtd.service                           9.6 UNSAFE    😨
lvm2-lvmpolld.service                      9.5 UNSAFE    😨
lxcfs.service                              9.6 UNSAFE    😨
networkd-dispatcher.service                9.6 UNSAFE    😨
nvidia-persistenced.service                9.6 UNSAFE    😨
ondemand.service                           9.6 UNSAFE    😨
php7.4-fpm.service                         9.6 UNSAFE    😨
plymouth-start.service                     9.5 UNSAFE    😨
polkit.service                             9.6 UNSAFE    😨
rc-local.service                           9.6 UNSAFE    😨
rescue.service                             9.5 UNSAFE    😨
resolvconf.service                         9.5 UNSAFE    😨
rsync.service                              9.6 UNSAFE    😨
rsyslog.service                            9.6 UNSAFE    😨
rtkit-daemon.service                       7.1 MEDIUM    😐
snap.lxd.daemon.service                    9.6 UNSAFE    😨
snapd.service                              9.6 UNSAFE    😨
switcheroo-control.service                 7.5 EXPOSED   🙁
systemd-ask-password-console.service       9.3 UNSAFE    😨
systemd-ask-password-plymouth.service      9.5 UNSAFE    😨
systemd-ask-password-wall.service          9.4 UNSAFE    😨
systemd-fsckd.service                      9.5 UNSAFE    😨
systemd-initctl.service                    9.3 UNSAFE    😨
systemd-journald.service                   4.4 OK        🙂
systemd-logind.service                     2.8 OK        🙂
systemd-machined.service                   6.1 MEDIUM    😐
systemd-networkd.service                   3.1 OK        🙂
systemd-resolved.service                   2.2 OK        🙂
systemd-rfkill.service                     9.3 UNSAFE    😨
systemd-timesyncd.service                  2.1 OK        🙂
systemd-udevd.service                      8.4 EXPOSED   🙁
thermald.service                           9.6 UNSAFE    😨
udisks2.service                            9.6 UNSAFE    😨
unattended-upgrades.service                9.6 UNSAFE    😨
upower.service                             2.3 OK        🙂
user@1000.service                          9.4 UNSAFE    😨
user@125.service                           9.4 UNSAFE    😨
uuidd.service                              4.5 OK        🙂
virtlockd.service                          9.6 UNSAFE    😨
virtlogd.service                           9.6 UNSAFE    😨
whoopsie.service                           9.6 UNSAFE    😨
wpa_supplicant.service                     9.6 UNSAFE    😨
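A listing this long is easier to act on once it is filtered and ranked. The following is an added example, not part of the original wiki page: a POSIX shell helper that strips colour escapes that can leak into captured output (as a raw ESC byte or as the literal text `^[`), then ranks units by exposure and counts them per rating. The function names are hypothetical and the sample rows are constructed from values in the listing.

```shell
#!/bin/sh
# Added example: triage `systemd-analyze security` output by exposure score.
LC_ALL=C; export LC_ALL          # stable decimal parsing and sort order
ESC=$(printf '\033')

# Constructed sample rows (values taken from the listing on this page). One row
# carries a raw ANSI colour escape, one the literal "^[" form of the same escape.
sample_output() {
    printf '%s\n' \
        'UNIT EXPOSURE PREDICATE HAPPY' \
        'ModemManager.service 5.8 MEDIUM 😐' \
        "NetworkManager.service 7.8 ${ESC}[0;1;38;5;185mEXPOSED${ESC}[0m 🙁" \
        'colord.service 8.8 ^[[0;1;38;5;185mEXPOSED 🙁' \
        'apache2.service 9.2 UNSAFE 😨' \
        'gdm.service 9.8 UNSAFE 😨' \
        'systemd-resolved.service 2.2 OK 🙂'
}

# strip_colour: remove colour escapes so the PREDICATE field parses cleanly.
strip_colour() {
    sed -e "s/${ESC}\[[0-9;]*m//g" -e 's/\^\[\[[0-9;]*m//g'
}

# exposed_units MIN: print "score unit predicate" for units with exposure >= MIN,
# worst first. The header and malformed rows are skipped.
exposed_units() {
    strip_colour |
    awk -v min="$1" '
        $1 ~ /\.service$/ && $2 ~ /^[0-9]+(\.[0-9]+)?$/ && $2 + 0 >= min + 0 {
            printf "%.1f %s %s\n", $2, $1, $3
        }' |
    sort -k1,1nr -k2,2
}

# count_by_predicate: print "predicate count" for each rating in the listing.
count_by_predicate() {
    strip_colour |
    awk '$1 ~ /\.service$/ { n[$3]++ } END { for (p in n) print p, n[p] }' |
    sort
}

sample_output | exposed_units 7.5
```

On a live host, pipe `systemd-analyze security --no-pager` into either function in place of `sample_output`.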
systemd/security_overview_of_systemd_services.1610540157.txt.gz · Last modified: 2021/01/13 12:15 by peter