mirror of
https://github.com/YunoHost-Apps/mautrix_whatsapp_ynh.git
synced 2024-09-03 19:46:01 +02:00
Add systemd recommended hardening
parent
2917c74108
commit
ae73a9aab3
1 changed files with 22 additions and 0 deletions
|
@ -11,5 +11,27 @@ ExecStart=/opt/yunohost/__APP__/mautrix-whatsapp -c=/opt/yunohost/__APP__/config
|
|||
Restart=always
|
||||
RestartSec=3
|
||||
|
||||
# Optional hardening to improve security
|
||||
ReadWritePaths=/opt/mautrix-whatsapp
|
||||
NoNewPrivileges=yes
|
||||
MemoryDenyWriteExecute=true
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectHome=yes
|
||||
ProtectSystem=strict
|
||||
ProtectControlGroups=true
|
||||
RestrictSUIDSGID=true
|
||||
RestrictRealtime=true
|
||||
LockPersonality=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelModules=true
|
||||
PrivateUsers=true
|
||||
ProtectClock=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallFilter=@system-service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
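Review bot: `ReadWritePaths=/opt/mautrix-whatsapp` does not match the install path that `ExecStart` uses in the hunk header (`/opt/yunohost/__APP__/`), so with `ProtectSystem=strict` the bridge's own directory ends up read-only. If `/opt/mautrix-whatsapp` does not exist on the host, systemd will also fail to start the unit while setting up the mount namespace, because the path is not prefixed with `-`. Point it at the templated directory instead, `ReadWritePaths=/opt/yunohost/__APP__`, and add any separate log or data directory the config writes to; those paths are not visible here, since the unit's lines above `Restart=` are outside the hunk. Running `systemd-analyze security` against the installed unit afterwards confirms the sandbox settings still apply as intended.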