Stage/ansible_playbooks
4
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Convert setup_iptables to ansible role + Fix usertwist group don't exist error + Hardened Systemd unit #5

Closed
Mateo wants to merge 10 commits from dev into main
pull from: dev
merge into: Stage:main
Conversation 5 Commits 10 Files Changed 7 +109 -20
7 changed files with 109 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 2082ccb5b5 - Show all commits

12
files/usertwist.service
View File

@@ -5,6 +5,16 @@ Description=Simple Web Service
User=usertwist
Group=usertwist
ExecStart=/usr/local/bin/usertwist
PrivateTmp=yes
NoNewPrivileges=true
RestrictNamespaces=uts ipc pid user cgroup
ProtectSystem=strict
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
PrivateDevices=yes
RestrictSUIDSGID=true
Mateo marked this conversation as resolved
papey commented 2024-07-31 15:46:58 +00:00
Review
Copy Link

What about ProtectHome ?

What about `ProtectHome` ?
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target