Hardening Services
A common trope about system security is that the most secure system is one that isn’t powered on. Ideally, it is not only not powered on but encased in concrete and tossed into a very deep part of the ocean. Similarly, the most secure service is one that isn’t running. This is unrealistic, however. While a service under systemd can really be restricted, there are other areas to be concerned about.
One of the first and quickest ways to harden a service—that is, to restrict what it has access to in order to protect it and the system on which it runs—is to force it to run with a limited set of permissions. You do this by forcing the service to run as a specific user who is granted permissions only on the system necessary to allow ...
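As an added illustration (not code from the book), the check below reads a unit file's `[Service]` section and reports which account the service would run as. It is applied to two constructed units, one with no `User=` and one restricted to a dedicated account. The service name `reportd` and its paths are hypothetical.

```python
import configparser

# Constructed sample units (not from the book); names and paths are hypothetical.
UNIT_ROOT = """\
[Unit]
Description=Report generator (constructed example)

[Service]
ExecStart=/usr/local/bin/reportd --instance %i
"""

UNIT_LIMITED = """\
[Unit]
Description=Report generator (constructed example)

[Service]
User=reportd
Group=reportd
ExecStart=/usr/local/bin/reportd --instance %i
"""

def effective_user(unit_text):
    """Return the account a system service would run as, per its [Service] section."""
    # interpolation=None: systemd specifiers such as %i are not configparser syntax.
    # strict=False: directives such as ExecStart= may legally repeat in a unit file.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # systemd directive names are case-sensitive
    cp.read_string(unit_text)
    if not cp.has_section("Service"):
        return None
    svc = cp["Service"]
    if svc.get("DynamicUser", "no").strip().lower() in ("yes", "true", "1", "on"):
        return "<dynamic>"  # systemd allocates an unprivileged user at start
    # With no User= set, a system service runs as root.
    return svc.get("User", "").strip() or "root"

def runs_as_root(unit_text):
    return effective_user(unit_text) in ("root", "0")

def audit(units):
    """units maps unit name -> file text; returns sorted names still running as root."""
    return sorted(name for name, text in units.items() if runs_as_root(text))

if __name__ == "__main__":
    found = audit({"reportd-root@.service": UNIT_ROOT, "reportd@.service": UNIT_LIMITED})
    print("services running as root:", found)
```

The check reads a single file and does not merge drop-in overrides; on a live host, `systemctl show -p User <unit>` reports the value systemd actually applies.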