diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-05-20 15:46:27 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-05-21 03:40:53 +0200 |
commit | 6d1daa0424c168eae4bfa9f6772add3f77ec506f (patch) | |
tree | a45e83f4fefa0a3976c534078d26d3ff003e9935 /roles/MSA/files/etc/systemd/system | |
parent | 5118f8d3394579a245b355c863c69410fe92e26e (diff) |
postfix-sender-login: Better hardening.
Run as a dedicated user, not ‘postfix’.
Diffstat (limited to 'roles/MSA/files/etc/systemd/system')
-rw-r--r-- | roles/MSA/files/etc/systemd/system/postfix-sender-login.service | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/roles/MSA/files/etc/systemd/system/postfix-sender-login.service b/roles/MSA/files/etc/systemd/system/postfix-sender-login.service index f5e6d89..d652f75 100644 --- a/roles/MSA/files/etc/systemd/system/postfix-sender-login.service +++ b/roles/MSA/files/etc/systemd/system/postfix-sender-login.service @@ -4,8 +4,7 @@ After=mail-transport-agent.target Requires=postfix-sender-login.socket [Service] -User=postfix -Group=postfix +User=_postfix-sender-login StandardInput=null SyslogFacility=mail ExecStart=/usr/local/bin/postfix-sender-login.pl @@ -13,10 +12,9 @@ ExecStart=/usr/local/bin/postfix-sender-login.pl # Hardening NoNewPrivileges=yes PrivateDevices=yes +PrivateNetwork=yes ProtectHome=yes ProtectSystem=strict -PrivateDevices=yes -PrivateNetwork=yes ProtectControlGroups=yes ProtectKernelModules=yes ProtectKernelTunables=yes |