Systemd/Hardening/ru: Difference between revisions
Created page with "<syntaxhighlight lang="nix"> { pkgs }: { systemd.services.myService = { serviceConfig = { ExecStart = "${pkgs.tmux}/bin/tmux -S /run/myService/tmux.socket new-session -s my-session -d"; ExecStop = "${pkgs.tmux}/bin/tmux -S /run/myService/tmux.socket kill-session -t my-session"; Type = "forking";" |
Created page with "Опции служб Systemd по умолчанию довольно слабые по защищённости, поэтому часто бывает желательно рассмотреть способы усиления безопасности служб Systemd." |
||
| Line 1: | Line 1: | ||
{{Systemd/breadcrumb}} | {{Systemd/breadcrumb}} | ||
Опции служб Systemd по умолчанию довольно слабые по защищённости, поэтому часто бывает желательно рассмотреть способы усиления безопасности служб Systemd. | |||
Systemd | |||
<div lang="en" dir="ltr" class="mw-content-ltr"> | <div lang="en" dir="ltr" class="mw-content-ltr"> | ||
A good way to get started on a given service is to look at the output of the command <code>systemd-analyze security myService</code>. From there, you can look at the documentation for the options you see in the output, often in <code>man systemd.exec</code> or <code>man systemd.resource-control</code>, and set the appropriate options for your service. | A good way to get started on a given service is to look at the output of the command <code>systemd-analyze security myService</code>. From there, you can look at the documentation for the options you see in the output, often in <code>man systemd.exec</code> or <code>man systemd.resource-control</code>, and set the appropriate options for your service. | ||