Systemd/Hardening/ru: Difference between revisions

(One intermediate revision by one other user not shown)

Line 1:

~~<div lang="en" dir="ltr" class="mw-content-ltr">~~

Опции служб Systemd по умолчанию довольно слабые по защищённости, поэтому часто бывает желательно рассмотреть способы усиления безопасности служб Systemd.

Systemd~~'s service options are quite lax by default~~, ~~and so it is often desirable to look at ways to harden systemd services~~.

~~</div>~~

A good way to get started on a given service is to look at the output of the command <code>systemd-analyze security myService</code>. From there, you can look at the documentation for the options you see in the output, often in <code>man systemd.exec</code> or <code>man systemd.resource-control</code>, and set the appropriate options for your service.

Line 20:

Line 18:

</div>

While hardening a service, it often happens that you want a shell inside a hardened systemd unit, for ~~exemple~~ to check access to files, or check the network connectivity. One way to do this is to use tmux to create a session inside the service, and attaching to it outside of the service.

While hardening a service, it often happens that you want a shell inside a hardened systemd unit, for example to check access to files, or check the network connectivity. One way to do this is to use tmux to create a session inside the service, and attaching to it outside of the service.

</div>

Простой пример:

@@ Line 1: / Line 1: @@
 {{Systemd/breadcrumb}}
-<div lang="en" dir="ltr" class="mw-content-ltr">
+Опции служб Systemd по умолчанию довольно слабые по защищённости, поэтому часто бывает желательно рассмотреть способы усиления безопасности служб Systemd.
-Systemd's service options are quite lax by default, and so it is often desirable to look at ways to harden systemd services.
-</div>
 <div lang="en" dir="ltr" class="mw-content-ltr">
 A good way to get started on a given service is to look at the output of the command <code>systemd-analyze security myService</code>. From there, you can look at the documentation for the options you see in the output, often in <code>man systemd.exec</code> or <code>man systemd.resource-control</code>, and set the appropriate options for your service.
@@ Line 20: / Line 18: @@
 </div>
 <div lang="en" dir="ltr" class="mw-content-ltr">
-While hardening a service, it often happens that you want a shell inside a hardened systemd unit, for exemple to check access to files, or check the network connectivity. One way to do this is to use tmux to create a session inside the service, and attaching to it outside of the service.
+While hardening a service, it often happens that you want a shell inside a hardened systemd unit, for example to check access to files, or check the network connectivity. One way to do this is to use tmux to create a session inside the service, and attaching to it outside of the service.
 </div>
 Простой пример: