systemd-analyze 不检测 systemctl edit 所做的更改

systemd-analyze 不检测 systemctl edit 所做的更改

我正在按照 Lynis 审计的建议,使用 .针对 Ubuntu 20.04 强化现有的 systemd 服务systemd-analyze。我想用来systemctl edit进行更改,但systemd-analyze不检测它们,而是仅在直接编辑服务文件时才检测它们。有什么方法可以链接/etc/systemd/system/我的服务.service.d/ 结果到主服务文件以便systemd-analyze了解更改?

令人恶心的是,我正在做的事情如下:

sudo lynis audit system

抱怨的是:

[+] Boot and services
------------------------------------
...
  - Check running services (systemctl)                        [ DONE ]
        Result: found 42 running services
  - Check enabled services at boot (systemctl)                [ DONE ]
        Result: found 70 enabled services
  - Check startup files (permissions)                         [ OK ]
  - Running 'systemd-analyze security'
   ...
        - accounts-daemon.service:                            [ UNSAFE ]
...
  Suggestions (24):
  ----------------------------
  * Consider hardening system services [BOOT-5264] 
    - Details  : Run '/usr/bin/systemd-analyze security SERVICE' for each service
      https://cisofy.com/lynis/controls/BOOT-5264/
...

所以,我运行以下命令:

systemd-analyze security accounts-daemon.service

输出以下内容:

  NAME                                                        DESCRIPTION                       >
✗ PrivateNetwork=                                             Service has access to the host's network  >
✗ User=/DynamicUser=                                          Service runs as root user                 >
...
→ Overall exposure level for accounts-daemon.service: 9.6 UNSAFE 

相关内容