systemd.service: Tighten hardening options.

author: Guilhem Moulin <guilhem@fripost.org> 2018-12-09 18:15:10 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2018-12-09 20:25:40 +0100
commit: 2147ff3bd9091b88960e2243b2d7d76d03cadc89 (patch)
tree: fa970590ab58a1d42913deccbca3adef05eaae83 /roles/IMAP/files/etc/systemd
parent: 2845af5f76ad3be9c0a1f69ab478ff5a08346a4c (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
index 7e790e3..d20f9c2 100644
--- a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
+++ b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
@@ -15,6 +15,11 @@ NoNewPrivileges=yes
 PrivateDevices=yes
 ProtectSystem=strict
 ProtectHome=read-only
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
 RestrictAddressFamilies=
 
 [Install]
author	Guilhem Moulin <guilhem@fripost.org>	2018-12-09 18:15:10 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2018-12-09 20:25:40 +0100
commit	2147ff3bd9091b88960e2243b2d7d76d03cadc89 (patch)
tree	fa970590ab58a1d42913deccbca3adef05eaae83 /roles/IMAP/files/etc/systemd
parent	2845af5f76ad3be9c0a1f69ab478ff5a08346a4c (diff)