mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-09 11:41:33 -05:00
Improve unbound systemd hardening
Signed-off-by: Tommy <contact@tommytran.io>
parent
af99058f4e
commit
c2ef5743a2
@ -10,9 +10,10 @@ ProtectControlGroups=true
|
|||||||
ProtectKernelLogs=true
|
ProtectKernelLogs=true
|
||||||
ProtectKernelModules=true
|
ProtectKernelModules=true
|
||||||
# This breaks using socket options like 'so-rcvbuf'. Explicitly disable for visibility.
|
# This breaks using socket options like 'so-rcvbuf'. Explicitly disable for visibility.
|
||||||
ProtectKernelTunables=false
|
ProtectKernelTunables=true
|
||||||
ProtectProc=invisible
|
ProtectProc=invisible
|
||||||
#ProtectSystem=strict
|
# ProtectSystem with strict does not work - need further testing.
|
||||||
|
ProtectSystem=full
|
||||||
#RuntimeDirectory=unbound
|
#RuntimeDirectory=unbound
|
||||||
#ConfigurationDirectory=unbound
|
#ConfigurationDirectory=unbound
|
||||||
#StateDirectory=unbound
|
#StateDirectory=unbound
|
||||||
|
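Review bot: The comment above `ProtectKernelTunables` still ends with "Explicitly disable for visibility", but the new side sets `ProtectKernelTunables=true`, so the comment and the directive now contradict each other. If the 'so-rcvbuf' breakage the comment describes is real, this change presumably brings it back for any unbound.conf that sets that option; if it is not, the warning is stale. I would reword the comment to match the setting, for example `# May break socket options like 'so-rcvbuf'; set to false if unbound.conf uses them.`, and confirm unbound starts without socket-option errors when the buffer options are configured. The unit file continues outside the hunk on both sides.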
@ -12,7 +12,8 @@ ProtectKernelModules=true
|
|||||||
# This breaks using socket options like 'so-rcvbuf'.
|
# This breaks using socket options like 'so-rcvbuf'.
|
||||||
ProtectKernelTunables=true
|
ProtectKernelTunables=true
|
||||||
ProtectProc=invisible
|
ProtectProc=invisible
|
||||||
#ProtectSystem=strict
|
# ProtectSystem with strict does not work - need further testing.
|
||||||
|
ProtectSystem=full
|
||||||
#RuntimeDirectory=unbound
|
#RuntimeDirectory=unbound
|
||||||
#ConfigurationDirectory=unbound
|
#ConfigurationDirectory=unbound
|
||||||
#StateDirectory=unbound
|
#StateDirectory=unbound
|
||||||
|
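Review bot: `ProtectSystem=full` only makes /usr, the boot loader directories and /etc read-only, so the service can still write to /var and the rest of the hierarchy, and the new comment does not record how `strict` failed. Under `strict` the whole file system is read-only, so unbound needs its writable locations declared; the still commented-out `RuntimeDirectory=` and `StateDirectory=` lines, or a `ReadWritePaths=` entry, are the usual way to do that and are likely the missing piece, though the page does not show the failure. I would expand the comment to something like `# TODO: strict needs unbound's writable paths declared (StateDirectory=/ReadWritePaths=); using full until tested.` The same two lines are added in the first file section, so the note applies there as well.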