I've attached an early version of a program to generate systemd security settings from SE Linux policy. The aim of this is to lock down daemons on non-SE systems while using tested policy and to also act as a second level of security on SE Linux systems while giving a lower score for "systemd-analyze security".

Anyone have any ideas for how to automatically determine SystemCallFilter values from policy?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Attachment: pol2systemd.pl
Description: Perl program