From 0ce4979d5037b111aa9698ed5552135bf0ed7165 Mon Sep 17 00:00:00 2001
From: Jibec
Date: Thu, 6 Sep 2018 13:47:45 +0200
Subject: [PATCH] strenghen systemd security, thanks archlinux
---
 conf/systemd.service | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/conf/systemd.service b/conf/systemd.service
index 3a10453..f336a02 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -13,6 +13,14 @@ Environment=NODE_ENV=production
 Environment=HOME=__NODEPATH__
 ExecStart=__FINALPATH__/bin/kresus.js --config __FINALPATH__/config.ini
 Restart=always
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ReadWritePaths=__FINALPATH__/config.ini __FINALPATH__/data/
 StandardOutput=syslog
 StandardError=syslog
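Review bot: The `ReadWritePaths=` line re-opens write access to `__FINALPATH__/config.ini`, which the unit is only shown passing to `--config`; unless kresus rewrites its own configuration, a compromised process could change the settings it loads on the next restart. I would narrow it to `ReadWritePaths=__FINALPATH__/data/` so the config stays read-only under `ProtectSystem=strict`. Every path listed there must also exist when the unit starts, otherwise systemd fails the unit while setting up the mount namespace, so the install step should create `data/` first. `ProtectHome=true` makes /home, /root and /run/user inaccessible, so confirm that `__NODEPATH__` (used as `HOME`) and `__FINALPATH__` do not resolve under those directories. The unit's section header and remaining directives are outside the hunk.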