A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
Christoph Sir-Photch
🤬
- gemini://sir-photch.xyz
- https://sir-photch.xyz/@christoph
- https://matrix.to/#/@christoph:sir-photch.xyz
ageis
/ systemd_service_hardening.md
Last active
July 19, 2024 22:23
Options for hardening systemd service units
kescherCode
/ daemon
Last active
December 4, 2023 11:18
A rrdtool network graph generator, as seen on https://mirror.kescher.at.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| while :; do | |
| bash loop | |
| sleep 5 | |
| done |