Interesting stuff about hardening services with systemd can be read in this article.
Some example commands are `systemd-analyze security` and `systemd-analyze security sssd.service`.
Is there a reason why the majority of services are labeled as UNSAFE on my Fedora 34 system? Is this `systemd-analyze security` maybe something that can be included in the RPM packaging guidelines? To inspire more systemd hardening features to be enabled by default.
Of course, it doesn’t make sense to enable all security hardening, if that cripples a service. But I’m just wondering if this is taken into account by the security team of Fedora.
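
To triage the overview table that `systemd-analyze security` prints, the following added example (not part of the original post) counts units per rating and lists those rated UNSAFE or worse, highest exposure first. The sample table, its unit names and scores are constructed, and the helper names are hypothetical.

```shell
#!/bin/sh
# Summarise the overview table from `systemd-analyze security`
# (columns: UNIT EXPOSURE PREDICATE HAPPY).

# Constructed sample in the tool's table layout. Names and scores are
# illustrative, not measurements; the HAPPY column is shown as ASCII.
sample_report() {
cat <<'EOF'
UNIT                      EXPOSURE PREDICATE HAPPY
NetworkManager.service         7.8 EXPOSED   :-|
backup-agent.service           9.6 UNSAFE    :-(
chronyd.service                3.9 OK        :-)
legacy-daemon.service          9.2 UNSAFE    :-(
sssd.service                   9.6 UNSAFE    :-(
systemd-journald.service       4.3 OK        :-)
web-frontend.service           5.5 MEDIUM    :-|
EOF
}

# Count units per rating, one "PREDICATE count" pair per line.
# Rows are recognised by a numeric EXPOSURE field, which skips the
# header, blank lines and any trailing hints the tool prints.
rating_counts() {
    awk '$2 ~ /^[0-9]+(\.[0-9]+)?$/ { n[$3]++ }
         END { for (p in n) print p, n[p] }' | LC_ALL=C sort
}

# Print "exposure unit" for units rated UNSAFE or DANGEROUS,
# highest exposure first, ties ordered by unit name.
worst_units() {
    awk '$2 ~ /^[0-9]+(\.[0-9]+)?$/ &&
         ($3 == "UNSAFE" || $3 == "DANGEROUS") { print $2, $1 }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Demonstration on the constructed sample.
echo "Units per rating:"
sample_report | rating_counts
echo "Rated UNSAFE or worse:"
sample_report | worst_units
```

On a real host, pipe the live table into the same functions, for example `systemd-analyze security --no-pager | worst_units`.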