Useful OS Security Auditing Tool - Lynis

General Privacy & Security
2

Awesome ran it and checked my system for rootkits. It didnt find any glaring issues but the following services it complained about:

] Boot and services
  • Service Manager [ systemd ]
    • Boot loader [ NONE FOUND ]
  • Check running services (systemctl [ DONE ]
    Result: found 34 running services
  • Check enabled services at boot (systemctl) [ DONE ]
    Result: found 40 enabled services
  • Check startup files (permissions) [ OK ]
  • Running ‘systemd-analyze security’
    - ModemManager.service: [ MEDIUM ]
    - NetworkManager.service: [ EXPOSED ]
    - accounts-daemon.service: [ UNSAFE ]
    - alsa-state.service: [ UNSAFE ]
    - avahi-daemon.service: [ UNSAFE ]
    - bluetooth.service: [ MEDIUM ]
    - colord.service: [ EXPOSED ]
    - cpufrequtils.service: [ UNSAFE ]
    - cron.service: [ UNSAFE ]
    - dbus.service: [ UNSAFE ]
    - dm-event.service: [ UNSAFE ]
    - emergency.service: [ UNSAFE ]
    - gdm.service: [ UNSAFE ]
    - geoclue.service: [ EXPOSED ]
    - getty@tty1.service: [ UNSAFE ]
    - gnss-share.service: [ UNSAFE ]
    - grub-common.service: [ UNSAFE ]
    - iio-sensor-proxy.service: [ EXPOSED ]
    - inetd.service: [ UNSAFE ]
    - jitterentropy.service: [ PROTECTED ]
    - loadcpufreq.service: [ UNSAFE ]
    - lvm2-lvmpolld.service: [ UNSAFE ]
    - packagekit.service: [ UNSAFE ]
    - pcscd.service: [ UNSAFE ]
    - phosh.service: [ UNSAFE ]
    - plymouth-start.service: [ UNSAFE ]
    - polkit.service: [ UNSAFE ]
    - rc-local.service: [ UNSAFE ]
    - rescue.service: [ UNSAFE ]
    - rsync.service: [ EXPOSED ]
    - rtkit-daemon.service: [ MEDIUM ]
    - serial-getty@ttyGS0.service [ UNSAFE ]
    - serial-getty@ttymxc0.service: [ UNSAFE ]
    - shairport-sync.service: [ UNSAFE ]
    - snapd.service: [ UNSAFE ]
    - switcheroo-control.service: [ EXPOSED ]
    - syncthing@username.service: [ UNSAFE ]
    - systemd-ask-password-console.service: [ UNSAFE ]
    - systemd-ask-password-plymouth.service: [ UNSAFE ]
    - systemd-ask-password-wall.service: [ UNSAFE ]
    - systemd-fsckd.service: [ UNSAFE ]
    - systemd-initctl.service: [ UNSAFE ]
    - systemd-journald.service: [ PROTECTED ]
    - systemd-logind.service: [ PROTECTED ]
    - systemd-networkd.service: [ PROTECTED ]
    - systemd-resolved.service: [ PROTECTED ]
    - systemd-rfkill.service: [ UNSAFE ]
    - systemd-timesyncd.service: [ PROTECTED ]
    - systemd-udevd.service: [ EXPOSED ]
    - udisks2.service: [ UNSAFE ]
    - unattended-upgrades.service [ UNSAFE ]
    - upower.service: [ PROTECTED ]
    - user@1000.service: [ UNSAFE ]
    - user@116.service: [ UNSAFE ]
    - wpa_supplicant.service: [ UNSAFE ]

Any idea on testing the services and making sense of what lynis means by unsafe vs protected? Also are there any i cam safely disable and turn off?