A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
monodot
/ systemd_service_hardening.md
Created
September 23, 2022 12:12
— forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units
monodot
/ download-live-site.sh
Created
November 18, 2017 13:38
Script to download MySQL database & files from live to development server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #=============================================================================== | |
| # This is a template for a script I use on a lot of sites to copy the database | |
| # (MySQL) and any uploaded files to the development site, and modify the | |
| # database as required. | |
| # | |
| # The script should be on the development server. The live site can either be on | |
| # the same server, or a remote server connected via SSH. | |
| # |
monodot
/ extract-certificate.sh
Created
March 15, 2017 14:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| set -e # fail on unhandled error | |
| set -u # fail on undefined variable | |
| #set -x # debug | |
| alias command_exists="type >/dev/null 2>&1" | |
| if command_exists curl; then |