Amrita42
Contributor

Description

Describe the overall goals of this pull request.

Are there any relevant issues/feature requests?

DOCTEAM-1303

Is this (based on) existing content?

Yes, based on existing content
https://documentation.suse.com/smart/security/html/systemd-securing/index.html#systemd-securing-techniques

@Amrita42 Amrita42 self-assigned this May 20, 2025
@Amrita42 Amrita42 requested a review from taroth21 May 20, 2025 11:39
@Amrita42 Amrita42 added the WIP Work in progress. Do not merge! label May 20, 2025
Contributor

@taroth21 taroth21 left a comment

@Amrita42: Many thanks - looks good overall! I suggested tweaking the structure of the task topic a bit to make the 'hardening' part more prominent/visible (see my comments in the task file).

Also in the assembly, I was wondering if it would be better to make both the concept and the task appear in the same section of the article (if it is technically possible).

Currently, the article sections look like this in the output format:

6 The systemctl edit command
7 Securing systemd services
7.1 Why is securing systemd services important?
7.2 What is the systemd-analyze security command?
8 How to analyze the security of a systemd service?
9 Debugging a systemd service

I could imagine the following structure:

7 Securing systemd services
7.1 Why is securing systemd services important?
7.2 What is the systemd-analyze security command?
7.3 How to analyze the security of a systemd service?
7.4 How to harden a systemd service?

Then you would have everything about 'securing' in one section and the section before and after are dealing with different topics anyway.


</abstract>

</info>
Contributor

@taroth21 taroth21 Jul 17, 2025

I would subdivide this file into two sections, one for <systemd-analyze security> and the second one for improving the overall exposure. Because the second part is at least equally important (if not more important), and it currently does not get the same 'weight' as the first part.

</step>
</procedure>

<para><emphasis>How to improve the overall exposure</emphasis></para>
Contributor

@taroth21 taroth21 Jul 17, 2025

I would start the second section here (with a title like 'How to improve the overall exposure' or 'How to harden systemd services'). Looking at the PDF, <emphasis> just renders the text in italics - it's easy to overlook and does not look similar to the other titles.

</procedure>

<para><emphasis>How to improve the overall exposure</emphasis></para>
<para>If you get <emphasis>9.6 UNSAFE</emphasis>, you can use <literal>[Section]</literal> part of the service definition file to add any of the below options. For example:</para>
Contributor

Suggested change
<para>If you get <emphasis>9.6 UNSAFE</emphasis>, you can use <literal>[Section]</literal> part of the service definition file to add any of the below options. For example:</para>
<para>If you get a high exposure rate like <emphasis>9.6 UNSAFE</emphasis> (or similar), you can use the <literal>[Service]</literal> part of the service definition file to add directives. </para>

Contributor

I'm not 100% sure if it should be [Service] instead of [Section] but it looks like it from the example below.


<para><emphasis>How to improve the overall exposure</emphasis></para>
<para>If you get <emphasis>9.6 UNSAFE</emphasis>, you can use <literal>[Section]</literal> part of the service definition file to add any of the below options. For example:</para>
<screen>
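
Review bot: In the second `<para>`, `9.6 UNSAFE` is wrapped in `<emphasis>`, the same element the line above uses for the pseudo-title, although it reads as a rating reported by the security analysis rather than stressed prose. Mark it up as literal output instead, consistent with the `<literal>` already used for `[Section]` on the same line, so that the PDF does not render the score and the heading in the same italics.
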
Contributor

I would wrap the screen (plus the other available options) into an <example> element (with a title like Adding Hardening Directives or similar).

</varlistentry>
</variablelist>
<para>These are some options you can use.</para>
</topic>
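
Review bot: `<para>These are some options you can use.</para>` sits after `</variablelist>`, so it introduces the list only once the reader has already finished it, and it is the last element before `</topic>`. Move the sentence in front of the `<variablelist>` as its lead-in, or drop it, so the topic does not end on a sentence that points backwards.
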
Contributor

Is adding the directives everything there is to it? No further steps required like restarting the daemon or the systemd service? And how about testing the new settings (e.g. controlling the logs for any errors or denied operations to make sure that the new restrictions haven't broken the service's legitimate operations)? This would fit in nicely with the next topic, debugging systemd options.
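
The follow-up steps asked about in the last review comment (reload, restart, check the logs, re-run the analysis), as an added example that is not part of the pull request or the SUSE documentation. The four directives, the drop-in file name `10-hardening.conf`, `demo.service` and the function names are assumptions chosen for illustration; `ProtectSystem=strict` in particular can stop a service that writes outside its own state directories.

```shell
#!/bin/sh
# Added example; the directive set and unit names are assumptions.

# Constructed sample of the final line printed by `systemd-analyze security UNIT`.
SAMPLE_OUTPUT='→ Overall exposure level for demo.service: 9.6 UNSAFE'

# Write a drop-in whose directives sit under [Service].
write_dropin() {  # $1 = drop-in directory, e.g. /etc/systemd/system/UNIT.d
    mkdir -p "$1" || return 1
    cat > "$1/10-hardening.conf" <<'EOF'
[Service]
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
EOF
}

# Read analyzer output on stdin and print the numeric exposure score.
exposure_score() {
    awk '/Overall exposure level/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^[0-9]+\.[0-9]+$/) { print $i; exit }
         }'
}

# Succeed only if a score was found and does not exceed the limit.
score_at_most() {  # $1 = score, $2 = limit
    [ -n "$1" ] || return 2
    awk -v s="$1" -v t="$2" 'BEGIN { exit !(s + 0 <= t + 0) }'
}

# Full procedure on a live host (needs root and a running systemd).
harden_and_verify() {  # $1 = unit, $2 = highest acceptable score
    write_dropin "/etc/systemd/system/$1.d" || return 1
    systemctl daemon-reload || return 1           # load the new drop-in
    systemctl restart "$1" || return 1            # apply it to the service
    systemctl is-active --quiet "$1" || return 1  # still starts when confined?
    score=$(systemd-analyze security --no-pager "$1" | exposure_score)
    journalctl -u "$1" -b -n 20 --no-pager        # look for denied operations
    score_at_most "$score" "$2"
}
```

On a test machine, `harden_and_verify demo.service 5.0` returns non-zero if the service no longer starts or if the score stays above the limit.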
