New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

leverage systemd hardening options for omid #698

Open

juju4 opened this issue Sep 19, 2021 · 1 comment

juju4 commented Sep 19, 2021

This change (juju4@8621f1f) adds security hardening capabilities from systemd per https://www.freedesktop.org/software/systemd/man/systemd.exec.html

It brings down exposure level from 9.6 to 2.8 (systemd-analyze security omid) and would likely limit impact of vulnerability like recent one (https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure)

It requires more extensive testing as I only ensured that service is started and no error in /var/opt/omi/log/omiserver.log.

The text was updated successfully, but these errors were encountered:

Contributor

JumpingYang001 commented Sep 21, 2021

thanks for filing it, we will check it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment