25decf1 systemd: Add example service hardening — heartwood

Radicle Heartwood Protocol & Stack

systemd: Add example service hardening

srestegosaurio committed 8 months ago

commit 25decf16175682bb3ab22f05a309d02bc4a22bf6
parent d7aa2d9da2dd3144a22abb32be582df658178def

2 files changed +9 -0

modified systemd/system/radicle-node.service

@@ -25,6 +25,11 @@ Environment=RAD_HOME=/home/seed/.radicle RUST_BACKTRACE=1 RUST_LOG=info

 KillMode=process
 Restart=always
 RestartSec=3
 # Basic hardening options. For more please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectSystem=strict
 NoNewPrivileges=true
 MemoryDenyWriteExecute=true
 [Install]
 WantedBy=multi-user.target

modified systemd/user/radicle-node.service

@@ -18,6 +18,10 @@ Environment=RUST_LOG=info

 KillMode=process
 Restart=always
 RestartSec=3
 # Basic hardening options. For more please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectHome=true
 MemoryDenyWriteExecute=true
 [Install]
 WantedBy=default.target