Open juju4 opened 2 years ago
This change (https://github.com/juju4/omi/commit/8621f1ff79611199b2400011adb16ad1550d7234) adds security hardening capabilities from systemd per https://www.freedesktop.org/software/systemd/man/systemd.exec.html
It brings the exposure level down from 9.6 to 2.8 (systemd-analyze security omid) and would likely limit the impact of a vulnerability like the recent one (https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure).
It requires more extensive testing, as I only ensured that the service is started and that there is no error in /var/opt/omi/log/omiserver.log.
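For readers unfamiliar with the systemd.exec sandboxing options the issue refers to, here is an added illustration of what such hardening looks like as a drop-in for the omid unit. It is not the content of the linked commit: the drop-in path, the choice of directives and the writable path are assumptions, and none of it has been tested against omid.

```ini
# Assumed location (standard systemd drop-in convention, not taken from the commit):
#   /etc/systemd/system/omid.service.d/hardening.conf
# Apply and re-score:
#   systemctl daemon-reload && systemctl restart omid
#   systemd-analyze security omid
# Any of these settings can break functionality the daemon relies on, so enable
# them one at a time and watch /var/opt/omi/log/omiserver.log after each restart.

[Service]
# The service and its children cannot gain privileges through setuid/setgid
# binaries or file capabilities.
NoNewPrivileges=yes

# Mount the whole file system hierarchy read-only for the service, then
# re-open only the state directory it writes to (assumed from the log path above).
ProtectSystem=strict
ReadWritePaths=/var/opt/omi

# Home directories are visible but cannot be modified.
ProtectHome=read-only

# Private /tmp and /var/tmp, and a minimal /dev without physical devices.
PrivateTmp=yes
PrivateDevices=yes

# Block writes to kernel tunables, module loading and the cgroup tree.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

# Only local sockets and IP networking; other socket families are refused.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

# No new namespaces, no personality changes, no realtime scheduling,
# and no system calls through non-native ABIs.
RestrictNamespaces=yes
LockPersonality=yes
RestrictRealtime=yes
SystemCallArchitectures=native
```

The exposure score reported by systemd-analyze depends on exactly which directives are set, so this fragment will not necessarily reproduce the 9.6 to 2.8 change quoted above.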
Thanks for filing it, we will check it.