sqrt1764/ansible-role-lstu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Füge hardening-Optionen zu system-Service hinzu

Browse source
This commit is contained in:
phil 2022-12-13 16:47:31 +01:00
parent 8f169507df
commit 08695038f9
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
templates/lstu.service.j2
View file

@ -14,5 +14,14 @@ ExecStart=/usr/bin/carton exec hypnotoad script/lstu
ExecStop=/usr/bin/carton exec hypnotoad -s script/lstu
ExecReload=/usr/bin/carton exec hypnotoad script/lstu
# Hardening
CapabilityBoundingSet=
PrivateMounts=true
PrivateTmp=true
ProtectControlGroups=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=-{{ lstu.path }}
[Install]
WantedBy=multi-user.target