Skip to content

DOCTEAM-1303: adds securing related topics to article #467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Amrita42 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

DOCTEAM-1303: adds securing related topics to article #467

Amrita42 wants to merge 1 commit into from

Conversation

@Amrita42
Copy link
Contributor

@Amrita42 Amrita42 commented May 20, 2025

Description

Describe the overall goals of this pull request.

Are there any relevant issues/feature requests?

DOCTEAM-1303

Is this (based on) existing content?

Yes , based on existing content
https://documentation.suse.com/smart/security/html/systemd-securing/index.html#systemd-securing-techniques

@Amrita42 Amrita42 mentioned this pull request May 20, 2025
Closed
@Amrita42
Copy link
Contributor Author

Amrita42 commented May 20, 2025

systemd-setting-up-service_en.pdf

@Amrita42 Amrita42 self-assigned this May 20, 2025
@Amrita42 Amrita42 requested a review from taroth21 May 20, 2025 11:39
@Amrita42 Amrita42 added the WIP Work in progress. Do not merge! label May 20, 2025
taroth21
taroth21 requested changes Jul 17, 2025
View reviewed changes
Copy link
Contributor

@taroth21 taroth21 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Amrita42 : Many thanks - looks good overall! I suggested to tweak the structure of the task topic a bit to make the 'hardening' part more prominent/visible (see my comments in the task file).

Also in the assembly, I was wondering if it would be better to make both the concept and the task appear in the same section of the article (if it is technically possible).

Currently, the article sections look like this in the output format:

6 The sysctemctl edit command
7 Securing systemd services
7.1 Why is securing systemd services important?
7.2 What is the systemd-analyze security command?
8 How to analyze the security of a systemd service?
9 Debugging a systemd service

I could imagine the following structure:
7 Securing systemd services
7.1 Why is securing systemd services important?
7.2 What is the systemd-analyze security command?
7.3 How to analyze the security of a systemd service?
7.4 How to harden a systemd service?

Then you would have everything about 'securing' in one section and the section before and after are dealing with different topics anyway.

tasks/systemd-example-secure-service.xml
</varlistentry>
</variablelist>
<para>These are some options you can use.</para>
</topic> No newline at end of file
Copy link
Contributor

@taroth21 taroth21 Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is adding the directives everything there is to it? No further steps required like restarting the daemon or the systemd service? And how about testing the new settings (e.g. controlling the logs for any errors or denied operations to make sure that the new restrictions haven't broken the service's legitimate operations)? This would fit in nicely with the next topic, debugging systemd options.

Copy link
Contributor Author

@Amrita42 Amrita42 Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to take another approach here , by showing an example of using one of the option

@Amrita42
Copy link
Contributor Author

Amrita42 commented Nov 12, 2025
edited
Loading

Since its been ages , I am going to create a new PR (rebase may cause huge issues so I wont take that risk) , will close this PR once I create .

Ref #599

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@taroth21 taroth21 taroth21 requested changes

Assignees

@Amrita42 Amrita42

Labels

WIP Work in progress. Do not merge!

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Amrita42 @taroth21