Samuel FORESTIER HorlogeSkynet
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-05-10 08:00:38 +02:00
3f27034e40 sec(nitter): enables PrivateIPC
7fee797ecc sec(caddy): enables PrivateIPC
bd487ca9f7 sec(postgrey): enables PrivateIPC
2df75aaa5b sec(nginx): enables PrivateIPC
38307c7c43 sec(redis): enables PrivateIPC
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-05-08 20:10:37 +02:00
072dca3208 sec!(isso): enables MemoryDenyWriteExecute
cba6e176d7 sec(isso): restricts service allowed system calls
cacda1e313 sec(isso): restricts service capabilities
88746c234f meta(github): publishes a proper FUNDING.yml file for sponsoring
42f2875a0d sec(redis): denies memfd_create as MemoryDenyWriteExecute recommends
HorlogeSkynet pushed to master at HorlogeSkynet/blog 2026-05-08 18:27:23 +02:00
f4a9aa9a3f Updates links to Isso project website
HorlogeSkynet pushed to master at HorlogeSkynet/blog 2026-05-08 18:15:23 +02:00
807e8edd8c Adds systemd-hardene.d project to "About" time-line
5b783d0119 [REDIS] Prefers pointing to proper systemd security overrides
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-05-08 06:44:23 +02:00
b780f630e3 docs: fixes a typo by adding a missing "to"
82eb1cd95a feat: publishes mumble-server service overrides
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-05-07 08:00:29 +02:00
0fb15f8ca9 fix(avahi-daemon): allows chroot as required by service
fb94c781d2 fix(postfix): chroot is usually required (and included in @privileged)
f1ab3adeb5 sec(nginx): only RO exposes /srv as files are usually served from there
fd72f5dabb fix(opendkim): fixes running as unprivileged user (setgroups usage)
960ccb0773 sec(opendkim): restricts /proc access and visibility
HorlogeSkynet synced new reference refs/heads/fix/no_system_encoding_partition_name to HorlogeSkynet/archey4 from mirror 2026-05-03 20:00:28 +02:00
HorlogeSkynet synced commits to refs/heads/fix/no_system_encoding_partition_name at HorlogeSkynet/archey4 from mirror 2026-05-03 20:00:28 +02:00
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/incroyable-elucid from mirror 2026-05-03 20:00:25 +02:00
63df58808f feat: adds another article from April 2026
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/incroyable-elucid from mirror 2026-05-02 10:04:26 +02:00
4f80294741 style: fix-up for 4c13b87b42
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-05-01 22:04:31 +02:00
788ac66224 fix(redis): grants write capabilities on dedicated paths
414b0c02c7 sec(redis): restricts capabilities bounding set and /proc visibility
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/incroyable-elucid from mirror 2026-05-01 22:04:27 +02:00
4e4d2f9665 style: improves consistency across interview titles and subtitles
4c13b87b42 feat: adds article and interview from April 2026
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-04-26 04:00:19 +02:00
0c513a4fbd chore: fixes a typo in .gitattributes collection path
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-04-24 00:33:00 +02:00
45d6fe4493 feat: publishes isso service overrides
a5a4f05613 style(gitea): re-orders PrivateDevices in Private[...] block
233333eec2 feat: publishes freeradius service overrides
9d9206c85e feat: publishes rsyslog service overrides
b7664a26cb docs: fixes a typo in README FAQ (thanks @CaumartinYann !)
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-04-22 00:33:00 +02:00
469c1d4e4e docs: fixes a typo in README FAQ (thanks @CaumartinYann !)
2eab4fad35 sec: enforces PrivateMounts in the Postfix override as well (027c17f)
6a60f27abd sec: enforces PrivateMounts in the "common and reliable pattern"
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-04-18 20:26:26 +02:00
775745520c ci: fix-up for 3114d5181c
027c17f493 sec: enforces PrivateMounts for most of services
8689cb5787 doc: updates ProtectSystem documentation excerpt from upstream
255f50629e style: properly emphases CapabilityBoundingSet in PrivateUsers doc
c4c6d37b8f style: removes an extra leading whitespace in NetworkManager override
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/systemd-hardene.d from mirror 2026-04-15 01:10:46 +02:00
b675708280 ci: publishes systemd-analyze linting integration workflow
73d99e5a95 ci: publishes Dependabot configuration
d2664e1c22 fix(gitea): relaxes access to /home
5b7507b1f5 doc: fixes git-clone invocation
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/SgEExt from mirror 2026-04-14 00:00:09 +02:00
380d94852e [DOC] Fixes URL to KitKat octopus emoji image
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/SSHubl from mirror 2026-04-12 04:00:10 +02:00
8c30819396 Removes Ty ignore comments in main entry point
65932f1f6d Makes Ty properly ignore unresolved imports in tests/ modules
a2f5d74844 Adds missing project entries required by pyproject.toml
f34f86b2e1 Revert "Update pylint requirement from ~=3.2.7 to ~=3.3.9"
d7792ab3d5 Make (GitHub's) Linguist ignore vendored modules
HorlogeSkynet synced commits to refs/heads/master at HorlogeSkynet/awesome-thinkerview from mirror 2026-04-05 04:00:17 +02:00
d399c17ef5 Adds our selection for March 2026