balki/mail4one
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases 5 Wiki Activity

more systemd hardening

Browse Source
This commit is contained in:
Balakrishnan Balasubramanian
2023-06-24 21:17:47 -04:00
parent 95423ebf63
commit 7cb1b69744
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
deploy_configs/mail4one.service
View File

@@ -9,19 +9,20 @@ Requires=network-online.target
[Service] [Service]
User=mail4one User=mail4one
ExecStart=/usr/local/bin/mail4one --config /etc/mail4one/config.json ExecStart=/usr/local/bin/mail4one --config /etc/mail4one/config.json
AmbientCapabilities=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
StateDirectory=mail4one/certs mail4one/mails StateDirectory=mail4one/certs mail4one/mails
StateDirectoryMode=0750 StateDirectoryMode=0750
UMask=
LogsDirectory=mail4one LogsDirectory=mail4one
WorkingDirectory=/var/lib/mail4one WorkingDirectory=/var/lib/mail4one
ProtectSystem=strict ProtectSystem=strict
PrivateTmp=true PrivateTmp=true
PrivateUsers=true
ProtectHome=yes ProtectHome=yes
NoNewPrivileges=yes ProtectProc=invisible
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target