A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DO WHAT THE HECK YOU WANT TO PUBLIC LICENSE | |
| Version 4, October 2019 | |
| Copyright (C) 2004 Sam Hocevar <sam@hocevar.net> | |
| Copyright (C) 2013 Ben McGinnes <ben@adversary.org> | |
| Copyright (C) 2019 Hexawolf <hexawolfie@gmail.com> | |
| Everyone is permitted to copy and distribute verbatim or | |
| modified copies of this license document, and changing it is | |
| allowed as long as the name is changed. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // mqttc.go - Simple MQTT client application for testing purposes. | |
| // Copyright (c) 2019 Hexawolf | |
| // | |
| // Permission is hereby granted, free of charge, to any person obtaining | |
| // a copy of this software and associated documentation files | |
| // (the "Software"), to deal in the Software without restriction, | |
| // including without limitation the rights to use, copy, modify, merge, | |
| // publish, distribute, sublicense, and/or sell copies of the Software, | |
| // and to permit persons to whom the Software is furnished to do so, | |
| // subject to the following conditions: |
ageis
/ systemd_service_hardening.md
Last active
July 19, 2024 22:23
Options for hardening systemd service units
epcim
/ action_gnutls_scripted.md
Last active
February 3, 2024 18:50
gnutls certtool ssl tls openssl
this directory holds CA key + wildcard certificates created for new infrastructure the CA key/cert is "ca-cert.pem/key"
TODO:
- create scripts to re-generate client certificates based on NEW CA
- develop procedure to generate client/server certs from template (partialy done)
- develop procedure to generate clr files + revocate certificate + distribute them on public places
There are certain files created by particular editors, IDEs, operating systems, etc., that do not belong in a repository. But adding system-specific files to the repo's .gitignore is considered a poor practice. This file should only exclude files and directories that are a part of the package that should not be versioned (such as the node_modules directory) as well as files that are generated (and regenerated) as artifacts of a build process.
All other files should be in your own global gitignore file:
- Create a file called
.gitignorein your home directory and add any filepath patterns you want to ignore. - Tell git where your global gitignore file is.
Note: The specific name and path you choose aren't important as long as you configure git to find it, as shown below. You could substitute
.config/git/ignorefor.gitignorein your home directory, if you prefer.