My love for systemd is no secret, I've blogged about it more than once. I especially love systemd's ability to harden services. What does this mean exactly? Systemd offers a wealth of directives that can restrict a service's access to files, syscalls, or even the network. This gives me peace of mind, knowing that even if the software running in the service has a vulnerability, the rest of the system stays protected. The Hardening Loop Hardening a systemd service isn't a one-shot task. It's an it...