Package: wnpp Severity: wishlist X-Debbugs-Cc: vil...@debian.org * Package name : shh Version : 2024.6.4 Upstream Contact: Maxime Desbrus <maxime.desb...@synacktiv.com> * URL : https://github.com/desbma/shh * License : GPL-3 Programming Lang: Rust Description : Automatic systemd service hardening guided by strace profiling
Systemd Hardening Helper (SHH), a tool to automatically build a set of hardening options for a service using runtime profiling. . The goal of SHH is to automatically generate a set of optimal hardening options for a given service. To do that, SHH must run on the same system as the service, as it relies on runtime profiling. By running the service in normal conditions, we can build a profile of what the program does, which we can use to know what it does not do, and build a hardening configuration to prevent it from doing it, by the principle of the least privilege. I tried to package it, but I ran into a missing build dependency (librust-function-name-dev) that's not in the Debian archive yet. You can find librust-function-name-dev at https://github.com/danielhenrymantilla/rust-function_name If you're interested in packaging shh, feel free to build on the work done so far, available at https://salsa.debian.org/vilmar/shh It might be a great idea to keep shh under the pkg-security team’s umbrella! Regards, -- Francisco Vilmar Cardoso Ruviaro <vil...@debian.org> 4096R: 1B8C F656 EF3B 8447 2F48 F0E7 82FB F706 0B2F 7D00
