diff --git a/Cargo.toml b/Cargo.toml
index 71fba25..29673cc 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -30,5 +30,8 @@ strip = "symbols"
 lto = "thin"
 codegen-units = 1
 
+[package.metadata.deb]
+name = "cloudflare-ddns-rs"
+
 [package.metadata.deb.systemd-units]
 unit-scripts = "systemd/"
diff --git a/README.md b/README.md
index 1c1ef6f..0a2e74b 100644
--- a/README.md
+++ b/README.md
@@ -29,8 +29,15 @@ different IP address.
 
 ## Installation
 
-First, create an initial file at `/etc/cloudflare-ddns.toml`. Populate it with
-the following:
+First, create an initial file at `/etc/cloudflare-ddns.toml`. Set the permissions
+so that it is readable and writable by `root` only:
+
+```
+# sudo touch /etc/cloudflare-ddns.toml
+# chmod 600 /etc/cloudflare-ddns.toml
+```
+
+Populate it with the following:
 
 ```toml
 [account]
@@ -128,4 +135,17 @@ successful, installation is complete.
 
 A `.deb` package is created via [`cargo-deb`].
 
-[`cargo-deb`]: https://github.com/kornelski/cargo-deb
\ No newline at end of file
+[`cargo-deb`]: https://github.com/kornelski/cargo-deb
+
+## Security
+
+This project attempts to take security seriously. Please note the following
+hardening notes applied by default.
+
+### Hardened `systemd` service configuration
+
+In principle, this service needs very little access to a host, and needs access
+to the internet. As a result, the default `systemd` service configuration
+aggressively restricts the capabilities of the binary to a minimum set of
+features, namely access to the internet and dependency to do so. If you believe
+more directives could be provided, please create a PR.
\ No newline at end of file
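Review bot: The `name = "cloudflare-ddns-rs"` override added under `[package.metadata.deb]` in Cargo.toml has no comment saying why the Debian package name is set explicitly, while the README in the same commit still points at `/etc/cloudflare-ddns.toml`. A one-line comment above the key, for example `# Debian package name; the config file stays /etc/cloudflare-ddns.toml`, would stop the two names from being "corrected" into each other later. cargo-deb appears to select the unit files under `systemd/` by package name unless `unit-name` is set, so it is worth confirming that the hardened unit described in the new Security section still ships in the built `.deb` after this change.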