dc5b262 systemd: Add example service hardening — heartwood

Radicle Heartwood Protocol & Stack

systemd: Add example service hardening

srestegosaurio committed 8 months ago

commit dc5b26261d0ac230b98239b7962bdb9878c77759
parent b7f4aaa19144536ca357f415bafb44643beedb78

2 files changed +9 -0

modified systemd/system/radicle-node.service

@@ -25,6 +25,11 @@ Environment=RAD_HOME=/home/seed/.radicle RUST_BACKTRACE=1 RUST_LOG=info

 KillMode=process
 Restart=always
 RestartSec=3
 # Basic hardening options. For more please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectSystem=strict
 NoNewPrivileges=true
 MemoryDenyWriteExecute=true
 [Install]
 WantedBy=multi-user.target

modified systemd/user/radicle-node.service

@@ -18,6 +18,10 @@ Environment=RUST_LOG=info

 KillMode=process
 Restart=always
 RestartSec=3
 # Basic hardening options. For more please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectHome=true
 MemoryDenyWriteExecute=true
 [Install]
 WantedBy=default.target