I've been reading a blog from the renowned Daniel Aleksandersen at
https://www.ctrl.blog/entry/systemd-service-hardening.html

The output from a Debian-10 based Appvm looks a little scary!! Should I
be concerned?

user@tmp3:~$ systemd-analyze security
UNIT                                 EXPOSURE PREDICATE HAPPY
ModemManager.service                      5.6 MEDIUM    😐    
NetworkManager.service                    7.6 EXPOSED   🙁    
avahi-daemon.service                      9.5 UNSAFE    😨    
cron.service                              9.5 UNSAFE    😨    
cups-browsed.service                      9.5 UNSAFE    😨    
cups.service                              9.5 UNSAFE    😨    
dbus.service                              9.5 UNSAFE    😨    
dm-event.service                          9.5 UNSAFE    😨    
emergency.service                         9.5 UNSAFE    😨    
exim4.service                             9.5 UNSAFE    😨    
[email protected]                        9.5 UNSAFE    😨    
haveged.service                           5.6 MEDIUM    😐    
lvm2-lvmpolld.service                     9.5 UNSAFE    😨    
polkit.service                            9.5 UNSAFE    😨    
qubes-db.service                          9.5 UNSAFE    😨    
qubes-firewall.service                    9.5 UNSAFE    😨    
qubes-gui-agent.service                   9.5 UNSAFE    😨    
qubes-meminfo-writer.service              9.5 UNSAFE    😨    
qubes-qrexec-agent.service                9.5 UNSAFE    😨    
qubes-sync-time.service                   9.5 UNSAFE    😨    
qubes-updates-proxy.service               9.5 UNSAFE    😨    
rc-local.service                          9.5 UNSAFE    😨    

rescue.service                            9.5 UNSAFE    😨    
rsyslog.service                           9.5 UNSAFE    😨    
rtkit-daemon.service                      6.9 MEDIUM    😐    
[email protected]                 9.5 UNSAFE    😨    
systemd-ask-password-console.service      9.3 UNSAFE    😨    
systemd-ask-password-wall.service         9.3 UNSAFE    😨    
systemd-fsckd.service                     9.5 UNSAFE    😨    
systemd-initctl.service                   9.3 UNSAFE    😨    
systemd-journald.service                  4.3 OK        🙂    
systemd-logind.service                    4.1 OK        🙂    
systemd-networkd.service                  2.8 OK        🙂    
systemd-timesyncd.service                 2.0 OK        🙂    
systemd-udevd.service                     8.3 EXPOSED   🙁    
tinyproxy.service                         8.7 EXPOSED   🙁    
udisks2.service                           9.5 UNSAFE    😨    
[email protected]                         9.1 UNSAFE    😨    
wpa_supplicant.service                    9.5 UNSAFE    😨    
xendriverdomain.service                   9.5 UNSAFE    😨   

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5ef7ce43c466b45aa85567c01243739%40riseup.net.

Reply via email to