Harden services and validate Linux deployment

Author: SecAI-Hub

.gitattributes

@@ -0,0 +1,10 @@
+*.sh text eol=lf
+*.service text eol=lf
+*.timer text eol=lf
+*.socket text eol=lf
+*.target text eol=lf
+*.path text eol=lf
+*.mount text eol=lf
+files/system/usr/lib/systemd/system/* text eol=lf
+files/system/usr/libexec/secure-ai/* text eol=lf
+files/system/etc/greenboot/check/required.d/* text eol=lf

files/system/etc/secure-ai/policy/policy.yaml

@@ -97,7 +97,7 @@ search:
   block_high_pii_queries: true
   # Injection detection on inbound results
   detect_injection: true
-  # Audit every search (query hash + sanitized query + result count)
+  # Audit every search (query hash + length + redaction count + result count)
   audit: true
   # Search engines enabled in SearXNG (privacy-respecting only)
   allowed_engines:

files/system/usr/lib/systemd/system/secure-ai-clipboard-clear.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=Secure AI Clipboard Auto-Clear
-Documentation=Clears clipboard to prevent sensitive data persistence
+# Clears clipboard to reduce sensitive data persistence on the desktop host
 
 [Service]
 Type=oneshot

files/system/usr/lib/systemd/system/secure-ai-clipboard-clear.timer

@@ -1,6 +1,6 @@
 [Unit]
 Description=Periodic Clipboard Clear (every 60 seconds)
-Documentation=Prevents sensitive data from persisting on clipboard
+# Prevents sensitive data from persisting on the clipboard between uses
 
 [Timer]
 OnBootSec=2min

files/system/usr/lib/systemd/system/secure-ai-gpu-integrity-watch.service

@@ -48,6 +48,10 @@ RestrictRealtime=yes
 CapabilityBoundingSet=CAP_SYS_RAWIO
 AmbientCapabilities=
 
+# Network restriction — probes are limited to localhost services
+IPAddressDeny=any
+IPAddressAllow=localhost
+
 # Namespace restrictions
 RestrictNamespaces=yes
 RestrictAddressFamilies=AF_UNIX AF_INET

files/system/usr/lib/systemd/system/secure-ai-incident-recorder.service

@@ -52,6 +52,10 @@ RestrictAddressFamilies=AF_UNIX AF_INET
 PrivateUsers=yes
 PrivateNetwork=no
 
+# Network restriction — recorder only serves and calls local control-plane APIs
+IPAddressDeny=any
+IPAddressAllow=localhost
+
 # Syscall filtering
 SystemCallFilter=@system-service
 SystemCallFilter=~@privileged @resources @mount @clock @debug @swap @reboot @raw-io @module @cpu-emulation @obsolete

files/system/usr/lib/systemd/system/secure-ai-integrity-monitor.service

@@ -56,6 +56,10 @@ PrivateUsers=yes
 # PrivateNetwork=no — needs localhost HTTP for API and to read service binaries
 PrivateNetwork=no
 
+# Network restriction — monitor only exposes and reaches localhost APIs
+IPAddressDeny=any
+IPAddressAllow=localhost
+
 # Syscall filtering
 SystemCallFilter=@system-service
 SystemCallFilter=~@privileged @resources @mount @clock @debug @swap @reboot @raw-io @module @cpu-emulation @obsolete

files/system/usr/lib/systemd/system/secure-ai-quarantine-watcher.service

@@ -48,6 +48,10 @@ RestrictRealtime=yes
 CapabilityBoundingSet=
 AmbientCapabilities=
 
+# Network restriction — watcher only calls local registry and smoke-test endpoints
+IPAddressDeny=any
+IPAddressAllow=localhost
+
 # Namespace restrictions
 RestrictNamespaces=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

files/system/usr/lib/systemd/system/secure-ai-runtime-attestor.service

@@ -59,6 +59,10 @@ PrivateUsers=yes
 # and needs to exec tpm2_pcrread and rpm-ostree (external commands)
 PrivateNetwork=no
 
+# Network restriction — attestor may only reach localhost peers
+IPAddressDeny=any
+IPAddressAllow=localhost
+
 # Syscall filtering
 SystemCallFilter=@system-service
 SystemCallFilter=~@privileged @resources @mount @clock @debug @swap @reboot @raw-io @module @cpu-emulation @obsolete

files/system/usr/lib/systemd/system/secure-ai-search-mediator.service

@@ -45,6 +45,10 @@ RestrictRealtime=yes
 CapabilityBoundingSet=
 AmbientCapabilities=
 
+# Network restriction — mediator only talks to local SearXNG
+IPAddressDeny=any
+IPAddressAllow=localhost
+
 # Namespace restrictions
 RestrictNamespaces=yes
 RestrictAddressFamilies=AF_INET AF_UNIX