Guillaume Charbonnier charbonnierg

charbonnierg / systemd_service_hardening.md
Created November 25, 2021 21:25 — forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
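
One way to check a unit file against the five directives listed above, as an added example that is not part of the original gist. The `BASELINE` table, the function names and the sample unit (including the `exampled` binary) are constructed for illustration; line continuations and drop-in files are not handled.

```python
# Added example: audit the [Service] section of a unit file against the
# pattern on this page. Names and the sample unit are assumptions.
TRUE = {"1", "yes", "y", "true", "t", "on"}  # boolean spellings systemd accepts

BASELINE = {  # directive -> value taken from the page
    "NoNewPrivileges": "yes",
    "PrivateTmp": "yes",
    "PrivateDevices": "yes",
    "DevicePolicy": "closed",
    "ProtectSystem": "strict",
}

def service_settings(unit_text):
    """Return {directive: value} for [Service]; a later assignment wins."""
    section, settings = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(unit_text):
    """Return {directive: finding} for each deviation from BASELINE."""
    have, findings = service_settings(unit_text), {}
    for key, want in BASELINE.items():
        got = have.get(key)
        if got is None:
            findings[key] = "missing"
            continue
        # Booleans match any true spelling; enum values must match exactly.
        ok = got.lower() in TRUE if want == "yes" else got == want
        if not ok:
            findings[key] = f"{got!r} instead of {want!r}"
    return findings

SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/local/bin/exampled
NoNewPrivileges=true
PrivateTmp=yes
# PrivateDevices=yes
ProtectSystem=strict
ProtectSystem=full
"""

if __name__ == "__main__":
    for directive, finding in audit(SAMPLE_UNIT).items():
        print(f"{directive}: {finding}")
```

The sample shows two easy-to-miss cases: a directive that is only present as a comment, and a later `ProtectSystem=full` that overrides the earlier `strict`. On a running host, `systemd-analyze security` followed by the unit name reports the settings systemd actually applied.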