Enable systemd hardening options for named

Ludovic Gasc gmludo at gmail.com
Tue Jan 16 09:24:13 UTC 2018


2018-01-16 10:22 GMT+01:00 Reindl Harald <h.reindl at thelounge.net>:

>
>
> On 16.01.2018 at 10:20, Ludovic Gasc wrote:
>
>> 2018-01-15 19:11 GMT+01:00 Reindl Harald <h.reindl at thelounge.net>:
>>
>>
>>     ReadOnlyDirectories=/etc
>>     ReadOnlyDirectories=/usr
>>
>>
>> FYI, you can use ProtectSystem=strict to have more strict rules for the
>> root filesystem:
>> https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=
>>
>
> in reality I go even further and start with ReadOnlyDirectories=/ followed
> by selective multiple "ReadWriteDirectories=" and a ton of
> "InaccessibleDirectories=" but that's out of scope here because it depends
> too much on the local environment :-)


Ok ;-)
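
The two approaches discussed in this exchange, written out as a systemd drop-in for named. This is an added example, not configuration posted in the thread or shipped with BIND; the unit name `named.service`, the drop-in path and every directory listed are assumptions that depend on the distribution.

```ini
# /etc/systemd/system/named.service.d/hardening.conf   (assumed drop-in path)
# Apply with: systemctl daemon-reload && systemctl restart named
# Review the result with: systemd-analyze security named.service

[Service]
# Approach 1: ProtectSystem=strict (systemd 232 or later).
# The whole file system hierarchy becomes read-only for this service,
# except the API file systems /dev, /proc and /sys.
ProtectSystem=strict

# Re-open only what named has to write (zone journals, pid file, logs).
# Assumed paths; adjust to the local layout. A leading "-" tells systemd
# to ignore the entry if the path does not exist instead of failing to start.
ReadWritePaths=/var/named
ReadWritePaths=/run/named
ReadWritePaths=-/var/log/named

# Approach 2: the manual form described in the reply, for older systemd.
# ReadOnlyDirectories=, ReadWriteDirectories= and InaccessibleDirectories=
# are the earlier names of ReadOnlyPaths=, ReadWritePaths= and
# InaccessiblePaths= (renamed in systemd 231, old names still accepted).
# Use it instead of approach 1, not in addition to it.
#ReadOnlyDirectories=/
#ReadWriteDirectories=/var/named /run/named
# Constructed examples of paths named has no reason to see:
#InaccessibleDirectories=/home /root
```

A missing writable path shows up as a permission error from named at startup or on the first dynamic update, so check the journal after restarting.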