A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
ansemjo
/ systemd_service_hardening.md
Created
May 20, 2022 14:36
— forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units
ansemjo
/ s3put.sh
Last active
November 25, 2022 07:18
— forked from chrismdp/s3.sh
uploading files to S3 in shell with a little bit of curl and openssl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # https://gist.github.com/ansemjo/cc113ced5d133c018e95079ddb003bb0 | |
| set -e -o pipefail | |
| usage() { cat >&2 <<USAGE | |
| usage: s3put [-a acl] [-p pinnedkey] [-h] endpoint file objectpath | |
| -a acl : use a different acl for uploaded files | |
| -p pinnedkey : sha256 pinned public key for certificate validation | |
| -h : display this help | |
| endpoint : endpoint url, e.g. https://s3.exmaple.com:9000 |
ansemjo
/ ssh-auth-sock.service
Last active
February 19, 2024 03:00
— forked from xenithorb/ssh-auth-sock.service
systemd user unit to set SSH_AUTH_SOCK variable for X11/Wayland/GNOME and make it work with GnuPG agent
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Place this file in ~/.config/systemd/user/ssh-auth-sock.service | |
| # $ systemctl --user daemon-reload | |
| # $ systemctl --user enable --now ssh-auth-sock.service | |
| # Add 'echo UPDATESTARTUPTTY | gpg-connect-agent >/dev/null' in your ~/.bashrc. | |
| # Logout or reboot. | |
| [Unit] | |
| Description=Set SSH_AUTH_SOCK to GnuPG agent | |
| [Service] |
ansemjo
/ install-pacaur.sh
Last active
May 23, 2017 20:37
— forked from rumpelsepp/install-pacaur.sh
A small script for arch linux which builds and installs "pacaur" automatically
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # LICENSE AT END OF FILE | |
| # | |
| # This is a script to automatically install pacaur from the AUR. It is | |
| # intended for fresh systems with no other means to install from AUR. | |
| # Theoretically, this script can install other packages too. Just modify | |
| # the $aurpkgs variable below. | |
| # |