Skip to content

Commit

Permalink
Merge pull request #425 from martin-belanger/systemd-hardening
Browse files Browse the repository at this point in the history
systemd: Harden stafd/stacd service files
  • Loading branch information
martin-belanger authored Apr 29, 2024
2 parents a0f6948 + adae004 commit 402ef62
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
9 changes: 9 additions & 0 deletions usr/lib/systemd/system/stacd.in.service
Original file line number Diff line number Diff line change
Expand Up @@ -28,5 +28,14 @@ RuntimeDirectory=stacd
CacheDirectory=stacd
RuntimeDirectoryPreserve=yes

ProtectHome=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectProc=invisible
RestrictRealtime=true
LockPersonality=yes
MemoryDenyWriteExecute=yes

[Install]
WantedBy=multi-user.target
9 changes: 9 additions & 0 deletions usr/lib/systemd/system/stafd.in.service
Original file line number Diff line number Diff line change
Expand Up @@ -31,5 +31,14 @@ RuntimeDirectory=stafd
CacheDirectory=stafd
RuntimeDirectoryPreserve=yes

ProtectHome=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectProc=invisible
RestrictRealtime=true
LockPersonality=yes
MemoryDenyWriteExecute=yes

[Install]
WantedBy=multi-user.target

0 comments on commit 402ef62

Please sign in to comment.