commit b151d58ca626255a934d62647b35e80d497f76a2 (tree) parent 211016fd29ae02ebd98b4bfa2a956abcb04b8ee8 Author: Motiejus Jakštys <desired.mta@gmail.com> Date: Sun, 12 Apr 2020 09:06:44 +0300 hardening Diffstat:
3 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/root/rslsync/etc/systemd/system/rslsync@.service b/root/rslsync/etc/systemd/system/rslsync@.service
@@ -11,5 +11,13 @@ Restart=always
 ExecStartPre=/etc/resilio-sync/init_user_config.sh
 ExecStart=/usr/bin/rslsync --nodaemon --config /home/%i/.config/resilio-sync/config.json
 
+# Hardening
+ProtectSystem=full
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+#ProtectHome=yes
+
 [Install]
 WantedBy=multi-user.target
diff --git a/root/rslsync/etc/systemd/system/rslsync@.service b/root/rslsync/etc/systemd/system/rslsync@.service~
diff --git a/root/syncthing/etc/systemd/system/syncthing@.service.d/hardening.conf b/root/syncthing/etc/systemd/system/syncthing@.service.d/hardening.conf
@@ -0,0 +1,2 @@
+[Service]
+#ProtectHome=yes
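Review bot: The new `# Hardening` block in rslsync@.service leaves the kernel, device and network surface unrestricted, and `#ProtectHome=yes` sits there commented out with no explanation. Because the config is read from /home/%i, `ProtectHome=yes` cannot work as written; `ProtectHome=tmpfs` together with `BindPaths=/home/%i` would hide other users' homes while keeping this one (assuming the synced folders live under it), or at minimum a comment should say why the line is disabled. The directives below are the usual next step for a network-facing sync daemon; each needs a test run against the rslsync binary, and `systemd-analyze security` on an instance shows what remains exposed. The [Service] section begins above the hunk, so `User=` and any existing sandboxing are not visible here. Separately, the `rslsync@.service~` path in this commit looks like an editor backup file and probably should not be tracked.

```ini
# Hardening
# … unchanged: ProtectSystem= through NoNewPrivileges= …
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
```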
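Review bot: The syncthing drop-in hardening.conf applies no hardening at all: its only content is `[Service]` and a commented-out `#ProtectHome=yes`, so systemd loads it as a no-op. If the intent matches the rslsync unit, carry over the directives that apply, for example `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`; otherwise drop the file until there is something to put in it. The packaged syncthing@.service may already set some of these, which cannot be seen from this diff.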