1
0
Fork 0

Systemd service file was moved to init dir. Program renamed. Added all security tweaks used in other projects.

master
Alexander Andreev 4 months ago
parent 992c46420c
commit 9e72398daa
Signed by: Arav
GPG Key ID: 0388CC8FAA51063F

@ -1,13 +0,0 @@
[Unit]
Description=HTTPProcWatchD
After=network.target
[Service]
Type=simple
DynamicUser=yes
Restart=on-failure
ExecStart=/usr/bin/httpprocwatchd --config /etc/httpprocwatchd/config.conf
ExecReload=kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

@ -0,0 +1,35 @@
[Unit]
Description=HTTPProcProbeD
After=network.target
[Service]
Type=simple
DynamicUser=yes
Restart=on-failure
ExecStart=/usr/bin/httpprocprobed -c /etc/httpprocprobed.conf
ExecReload=kill -HUP $MAINPID
ReadOnlyPaths=/
AmbientCapabilities=
CapabilityBoundingSet=
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target
Loading…
Cancel
Save