Harden systemd unit file

2019-03-06 19:22:10 +00:00 · 2019-03-06 19:22:10 +00:00 · 46e83bcb68
commit 46e83bcb68
parent f945ec7913
1 changed files with 10 additions and 0 deletions
--- a/contrib/lgregmapper.service
+++ b/contrib/lgregmapper.service
@ -14,6 +14,16 @@ User=lglass
 Group=lglass
 Type=simple
 Restart=on-failure
+# service hardening
+ProtectSystem=strict
+NoNewPrivileges=yes
+ProtectControlGroups=yes
+PrivateTmp=yes
+PrivateDevices=yes
+DevicePolicy=closed
+MemoryDenyWriteExecute=yes
+ProtectHome=true
+#
 ExecStart=/opt/lgregmapper/lgregmapper -b ":11211"
     
 #########################################################################