fripost-ansible/roles/common/files/etc/systemd/system, branch master

Improve Debian 11's fail2ban rules.

2022-12-18T12:29:34+00:00

Port baseline to Debian 11 (codename Bullseye).

2022-10-13T20:12:05+00:00

Bacula: refactor systemd service files.

2020-11-03T02:37:11+00:00

Use unit overrides on top of upstream's service files instead of
overriding entire service files.  In particular, upstream uses flag `-P`
so we don't need to use RuntimeDirectory= anymore.

stunnel4: Harden and socket-activate.

2020-05-18T13:51:54+00:00

Upgrade baseline to Debian 10.

2020-05-16T03:45:59+00:00

Improve/harden fail2ban configuration.

2020-01-25T00:57:05+00:00

 * Use nftables sets with a timeout
 * Start daemon with a hardened unit file and restricted Capability
   Bounding Set.  (This requires to change the log path to
   /var/log/fail2ban/*.)
 * Skip database as we don't care about persistence.
 * Refactor jail.local

systemd.service: Tighten hardening options.

2018-12-09T19:25:40+00:00

bacula-*.service: Don't fork in the background.

2018-12-09T19:25:39+00:00

Inspired from /lib/systemd/system/bacula-fd.service.

systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.

2018-12-09T19:25:39+00:00

And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’.

/lib/systemd/system → /etc/systemd/system

2017-05-31T15:39:57+00:00