Enable systemd hardening options for named
Reindl Harald
h.reindl at thelounge.net
Tue Jan 16 09:22:44 UTC 2018
Am 16.01.2018 um 10:20 schrieb Ludovic Gasc:
> 2018-01-15 19:11 GMT+01:00 Reindl Harald <h.reindl at thelounge.net
> <mailto:h.reindl at thelounge.net>>:
>
>
> ReadOnlyDirectories=/etc
> ReadOnlyDirectories=/usr
>
>
> FYI, you can use ProtectSystem=strict to have more strict rules for the
> root filesystem:
> https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=
in reality i go even mor far and start with ReadOnlyDirectories=/
followed by selective multiple "ReadWriteDirectories=" and a ton of
"InaccessibleDirectories=" but that's out of scope here because it
depends too much on the local environment :-)
More information about the bind-users
mailing list