9b6db16 systemd: Add example service hardening — heartwood

Radicle Heartwood Protocol & Stack

systemd: Add example service hardening

srestegosaurio committed 8 months ago

commit 9b6db1648eeef7777f85e367d26d2116c840359e
parent 6065ca036177ab5b6545e32e7ecd0a633e1b51f1

2 files changed +9 -0

modified systemd/system/radicle-node.service

@@ -25,6 +25,11 @@ Environment=RAD_HOME=/home/seed/.radicle RUST_BACKTRACE=1 RUST_LOG=info

 KillMode=process
 Restart=always
 RestartSec=3
 # Basic hardening options. For more please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectSystem=strict
 NoNewPrivileges=true
 MemoryDenyWriteExecute=true
 [Install]
 WantedBy=multi-user.target

modified systemd/user/radicle-node.service

@@ -18,6 +18,10 @@ Environment=RUST_LOG=info

 KillMode=process
 Restart=always
 RestartSec=3
 # Basic hardening options. For more please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectHome=true
 MemoryDenyWriteExecute=true
 [Install]
 WantedBy=default.target