Systemd service hardening tips

Interesting stuff about hardening services with systemd can be read in this article.

Some example commands are systemd-analyze security and systemd-analyze security sssd.service

Is there a reason why the majority of services are labeled as UNSAFE on my Fedora 34 system? Is this systemd-analyze security maybe something that can be included in the RPM packaging guidelines, to inspire more systemd hardening features to be enabled by default?

Of course, it doesn’t make sense to enable all security hardening, if that cripples a service. But I’m just wondering if this is taken into account by the security team of Fedora.