Skip to content
Snippets Groups Projects
Commit 715507b5 authored by ale's avatar ale
Browse files

Add systemd hardening to sso-server

parent 929bcfd5
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
debian/sso-server.service
+ 10
1
View file @ 715507b5
[Unit] [Unit]
Description=SSO Server Description=SSO Server
After=auth-server.socket After=network.target auth-server.socket
[Service] [Service]
User=sso-server User=sso-server
...@@ -9,6 +9,15 @@ EnvironmentFile=-/etc/default/sso-server ...@@ -9,6 +9,15 @@ EnvironmentFile=-/etc/default/sso-server
ExecStart=/usr/bin/sso-server --addr $ADDR ExecStart=/usr/bin/sso-server --addr $ADDR
Restart=always Restart=always
# Hardening
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment