diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-09 18:15:10 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-09 20:25:40 +0100 |
| commit | 2147ff3bd9091b88960e2243b2d7d76d03cadc89 (patch) | |
| tree | fa970590ab58a1d42913deccbca3adef05eaae83 /roles/munin-master/files/etc/systemd | |
| parent | 2845af5f76ad3be9c0a1f69ab478ff5a08346a4c (diff) | |
systemd.service: Tighten hardening options.
Diffstat (limited to 'roles/munin-master/files/etc/systemd')
| -rw-r--r-- | roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service | 6 | ||||
| -rw-r--r-- | roles/munin-master/files/etc/systemd/system/munin-cgi-html.service | 6 |
2 files changed, 12 insertions, 0 deletions
diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service index c8a3609..b8e6012 100644 --- a/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service @@ -17,6 +17,12 @@ ProtectHome=yes ProtectSystem=strict ReadWriteDirectories=-/var/log/munin ReadWriteDirectories=-/var/lib/munin/cgi-tmp/munin-cgi-graph +PrivateDevices=yes +PrivateNetwork=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies= [Install] WantedBy=multi-user.target diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service index 3c0c0e5..0e66b3f 100644 --- a/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service @@ -16,6 +16,12 @@ PrivateDevices=yes ProtectHome=yes ProtectSystem=strict ReadWriteDirectories=-/var/log/munin +PrivateDevices=yes +PrivateNetwork=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies= [Install] WantedBy=multi-user.target |