Enable systemd hardening options for named

Reindl Harald h.reindl at thelounge.net
Tue Jan 16 09:22:44 UTC 2018



On 16.01.2018 at 10:20, Ludovic Gasc wrote:
> 2018-01-15 19:11 GMT+01:00 Reindl Harald <h.reindl at thelounge.net>:
> 
> 
>     ReadOnlyDirectories=/etc
>     ReadOnlyDirectories=/usr
> 
> 
> FYI, you can use ProtectSystem=strict to have more strict rules for the 
> root filesystem:
> https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=

In reality I go even further and start with ReadOnlyDirectories=/ 
followed by selective multiple "ReadWriteDirectories=" and a ton of 
"InaccessibleDirectories=" but that's out of scope here because it 
depends too much on the local environment :-)
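
The two approaches discussed in this message, side by side as a systemd drop-in. This is an added example, not configuration posted by either participant. The drop-in path, the unit name `named.service`, and every directory listed under the read-write and inaccessible settings are assumptions for a typical BIND layout.

```ini
# /etc/systemd/system/named.service.d/hardening.conf   (assumed drop-in path)
# Constructed example: all paths below are assumptions and have to be
# adjusted to where the local named keeps its zones, journals, keys and PID file.

[Service]
# Variant A: the option suggested in the quoted reply.
# Mounts the whole file system hierarchy read-only for this service,
# except the API file systems /dev, /proc and /sys. Anything named must
# write to then has to be re-opened explicitly with ReadWritePaths=.
#ProtectSystem=strict

# Variant B: the approach described in the reply.
# Start from a read-only root ...
ReadOnlyDirectories=/

# ... re-open only the directories named has to write to (assumed paths:
# dynamic zones and journal files, runtime state) ...
ReadWriteDirectories=/var/named
ReadWriteDirectories=/run/named

# ... and hide directories the daemon has no reason to see (assumed paths).
InaccessibleDirectories=/home
InaccessibleDirectories=/root
InaccessibleDirectories=/boot

# Since systemd 231 these settings are spelled ReadOnlyPaths=, ReadWritePaths=
# and InaccessiblePaths=; the *Directories= names used in this thread are
# still accepted as aliases.
```

The drop-in takes effect after `systemctl daemon-reload` and a restart of the unit. A path missing from the read-write list shows up as a read-only file system error in the named log when the daemon tries to write there.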

