commit 89c3e39b4f202d6bfe804ccb7292bb6f12a14d20 (tree) parent 33faf4b606a1387d21c67306befacc986a8a8aac Author: Motiejus Jakštys <desired.mta@gmail.com> Date: Sun, 12 Apr 2020 14:30:39 +0300 hardening nginx Diffstat:
| A | root/iot3/etc/systemd/system/nginx.service.d/hardening.conf | | | 15 | +++++++++++++++ |
1 file changed, 15 insertions(+), 0 deletions(-)
diff --git a/root/iot3/etc/systemd/system/nginx.service.d/hardening.conf b/root/iot3/etc/systemd/system/nginx.service.d/hardening.conf
@@ -0,0 +1,15 @@
+[Service]
+ProtectSystem=strict
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+PrivateDevices=true
+ProtectHome=tmpfs
+
+BindPaths=/run
+BindPaths=/var/log/nginx
+BindPaths=/home/motiejus/.dotfiles/root/nginx/
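Review bot: The three `BindPaths=` lines at the end of the drop-in leave more writable than the rest of the unit suggests is intended, because `BindPaths=` mounts are read-write: all of `/run` and the directory under `/home/motiejus/.dotfiles/` stay writable by the service despite `ProtectSystem=strict` and `ProtectHome=tmpfs`. If nginx only reads its configuration from the dotfiles directory (inferred from the path, not shown in this commit), `BindReadOnlyPaths=/home/motiejus/.dotfiles/root/nginx/` would stop a compromised nginx process from rewriting its own configuration. For the locations that do need writes, `ReadWritePaths=/var/log/nginx` is the usual counterpart to `ProtectSystem=strict`, and `/run` could be narrowed to the PID file or socket location nginx actually uses. A one-line comment above each path saying why it is exposed would make the exceptions easier to audit later.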