Hey folks,
I'm currently looking at running a security improvement project targeted
towards Debian at our company, and would like to gauge interest and search for
any prior work within the Debian community.
The short summary is that we're looking at improving the usage of systemd's
hardening options for services, sockets, timers, and the like within the Debian
ecosystem. Right now, usage levels are pretty varied and there aren't any
hardening guidelines in place for Debian packages as it relates to systemd
service hardening.
We want to plan and execute a project to develop, contribute, and (ideally
where possible) upstream changes to critical systemd services to better utilize
the available hardening features of systemd.
We've been talking to Alpha-Omega (an open-source security fund associated with
the OpenSSF, https://alpha-omega.dev/) about the idea, and they've indicated
willingness to fund the effort provided the money goes to the Debian project
and there's a greenlit plan in place.
With that background, I have two main questions and topics of discussion.
1. Is there any prior work on similar efforts? If it's been attempted in the
past, or if there's something already out there, I'd love to learn from it and
get involved.
2. Is there an interest from the Debian community for an effort like this, and
if so, who would like to collaborate to make it happen?
Something like this would obviously need coordination between package
maintainers and support from relevant developer teams to be most effective, so
we want to get out in front of any actual work to make sure there's a there
there.
Looking forward to hearing your thoughts!
--
Jarl Gullberg
CEO & CTO
Visar Systems AB
+46 73 644 96 64
[email protected]
https://visar-systems.com
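As an added example that is not from the original post or from any Debian or systemd tooling: a small POSIX shell lint that reads a unit file and lists which common hardening directives its [Service] section leaves unset, the kind of check a packaging guideline for service hardening could automate. The directive list and the sample unit below are assumptions constructed for illustration, not a Debian guideline.

```shell
#!/bin/sh
# Added example, not part of the original post. Reports which common
# systemd hardening directives a unit's [Service] section does not set.
# The directive list and the sample unit are constructed for illustration.
set -eu

# Directives to look for, one per line (a constructed subset of the
# options systemd-analyze security also scores).
HARDENING_DIRECTIVES="NoNewPrivileges
ProtectSystem
ProtectHome
PrivateTmp
PrivateDevices
ProtectKernelTunables
ProtectKernelModules
ProtectControlGroups
RestrictAddressFamilies
RestrictNamespaces
LockPersonality
MemoryDenyWriteExecute
SystemCallFilter
CapabilityBoundingSet"

# Read a unit file from stdin and print, one per line, every listed
# directive that is absent from its [Service] section. Leading whitespace
# is ignored; any "Key=" line counts as set, whatever its value.
missing_hardening() {
    unit=$(sed -n '/^\[Service\]/,/^\[/p' | sed 's/^[[:space:]]*//')
    printf '%s\n' "$HARDENING_DIRECTIVES" | while IFS= read -r d; do
        printf '%s\n' "$unit" | grep -q "^$d=" || printf '%s\n' "$d"
    done
}

# Constructed sample: a daemon unit with only two hardening directives.
SAMPLE_UNIT='[Unit]
Description=Example daemon (constructed sample)

[Service]
ExecStart=/usr/bin/example-daemon
PrivateTmp=yes
ProtectSystem=strict

[Install]
WantedBy=multi-user.target'

# Number of listed directives the sample leaves unset.
missing_count() {
    printf '%s\n' "$SAMPLE_UNIT" | missing_hardening | wc -l | tr -d ' '
}
```

Pipe any unit file into `missing_hardening` (for example `systemctl cat foo.service | missing_hardening`) to get the gap list for a real service; systemd-analyze security gives the fuller, weighted view.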