Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Port baseline to Debian 11 (codename Bullseye). | Guilhem Moulin | 2022-10-13 | 1 |
| | ||||
* | Bacula: refactor systemd service files. | Guilhem Moulin | 2020-11-03 | 1 |
| | | | | | | Use unit overrides on top of upstream's service files instead of overriding entire service files. In particular, upstream uses flag `-P` so we don't need to use RuntimeDirectory= anymore. | |||
* | stunnel4: Harden and socket-activate. | Guilhem Moulin | 2020-05-18 | 1 |
| | ||||
* | Upgrade baseline to Debian 10. | Guilhem Moulin | 2020-05-16 | 2 |
| | ||||
* | Improve/harden fail2ban configuration. | Guilhem Moulin | 2020-01-25 | 1 |
| | | | | | | | | | * Use nftables sets with a timeout * Start daemon with a hardened unit file and restricted Capability Bounding Set. (This requires to change the log path to /var/log/fail2ban/*.) * Skip database as we don't care about persistence. * Refactor jail.local | |||
* | systemd.service: Tighten hardening options. | Guilhem Moulin | 2018-12-09 | 2 |
| | ||||
* | bacula-*.service: Don't fork in the background. | Guilhem Moulin | 2018-12-09 | 1 |
| | | | | Inspired from /lib/systemd/system/bacula-fd.service. | |||
* | systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’. | Guilhem Moulin | 2018-12-09 | 2 |
| | | | | And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’. | |||
* | /lib/systemd/system → /etc/systemd/system | Guilhem Moulin | 2017-05-31 | 3 |