97552e1 systemd: add example service hardening — heartwood

Radicle Heartwood Protocol & Stack

systemd: add example service hardening

✓ CI success srestegosaurio committed 8 months ago

commit 97552e11cfce2ff345d3a9f7a5853d1b07e5a5f8
parent 19a262d3d67ea92a37ceaf18e79a783d8e65ccdd

4 passed (4 total) View logs

2 files changed +9 -0

modified systemd/system/radicle-node.service

@@ -25,6 +25,11 @@ Environment=RAD_HOME=/home/seed/.radicle RUST_BACKTRACE=1 RUST_LOG=info

 KillMode=process
 Restart=always
 RestartSec=3
 # Basic hardening options. For more please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectSystem=strict
 NoNewPrivileges=true
 MemoryDenyWriteExecute=true
 [Install]
 WantedBy=multi-user.target

modified systemd/user/radicle-node.service

@@ -18,6 +18,10 @@ Environment=RUST_LOG=info

 KillMode=process
 Restart=always
 RestartSec=3
 # Basic hardening options. For more please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectHome=true
 MemoryDenyWriteExecute=true
 [Install]
 WantedBy=default.target