1w ago

Systemd Service Hardening

SystemD Service Hardening

cross-posted from: https://infosec.pub/post/32937284

This one is a little self-hosting specific, and more casual Linux best practices, but I've got a new blog post down for general security! Harden your systemd units (especially custom ones) for better peace of mind on the internet!

Pulse of Truth @infosec.pub

Resident Pulser @infosec.pub

BOT

2d ago

SystemD Service Hardening

roguesecurity.dev /blog/systemd-hardening

Selfhosted @lemmy.world

StarkZarn @infosec.pub

1w ago

Systemd Service Hardening

roguesecurity.dev /blog/systemd-hardening

4 comments

Adding PrivateNetwork=yes to your systemd units is a game changer for services that don't need network access - it completly isolates the service from the network and prevents any outbound connections.
- Good callout! You're absolutely right, and here I was primarily focused on publicly accessible services. Thanks for the addition.
I definitely learnt (more than) a few things from your write up, thank you sir!
- Very glad to gear it! Learning new stuff with Linux is the fun part of the journey.