Stage/ansible_playbooks
4
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Hardened systemd unit (4.8 score)

Browse Source
This commit is contained in:
Mateo
2024-07-30 14:44:15 +02:00
parent 5ebad367b4
commit 2082ccb5b5
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
files/usertwist.service
View File

@@ -5,6 +5,16 @@ Description=Simple Web Service
User=usertwist
Group=usertwist
ExecStart=/usr/local/bin/usertwist
PrivateTmp=yes
NoNewPrivileges=true
RestrictNamespaces=uts ipc pid user cgroup
ProtectSystem=strict
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
PrivateDevices=yes
RestrictSUIDSGID=true
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target