mirror of https://github.com/sipwise/mediator.git
ngcp-mediator service state BEFORE this change: | $ systemd-analyze security ngcp-mediator | tail -1 | → Overall exposure level for ngcp-mediator.service: 9.5 UNSAFE 😨 ngcp-mediator service state AFTER this change: | $ sudo COLUMNS=142 systemd-analyze security ngcp-mediator | grep -v '✓' | NAME DESCRIPTION EXPOSURE | ✗ PrivateNetwork= Service has access to the host's network 0.5 | ✗ User=/DynamicUser= Service runs as root user 0.4 | ✗ RestrictAddressFamilies=~AF_(INET|INET6) Service may allocate Internet sockets 0.3 | ✗ RestrictAddressFamilies=~… Service may allocate exotic sockets 0.3 | ✗ DeviceAllow= Service has a device ACL with some special devices 0.1 | ✗ IPAddressDeny= Service defines IP address whitelits with only localhost entries 0.1 | ✗ RestrictAddressFamilies=~AF_PACKET Service may allocate packet sockets 0.2 | ✗ SystemCallFilter=~@privileged System call whitelist defined for service, and @privileged is included 0.2 | ✗ RestrictAddressFamilies=~AF_NETLINK Service may allocate netlink sockets 0.1 | ✗ RootDirectory=/RootImage= Service runs within the host's root directory 0.1 | SupplementaryGroups= Service runs as root, option does not matter | RemoveIPC= Service runs as root, option does not apply | ✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1 | | → Overall exposure level for ngcp-mediator.service: 2.0 OK 🙂 Change-Id: If33c303b9df465393f15c0b685d1aab54a465df6mr9.3.1
parent
353093d704
commit
29cf8436b8
Loading…
Reference in new issue