Update Systemd security settings

cronie-crond · Mar 12, 2024 · c45e77c · c45e77c
1 parent 24e7c0a
commit c45e77c
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/contrib/cronie.systemd b/contrib/cronie.systemd
@@ -9,6 +9,24 @@ ExecReload=/bin/kill -URG $MAINPID
 KillMode=process
 Restart=on-failure
 RestartSec=30s
+KeyringMode=private
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=no
+PrivateDevices=no
+PrivateTmp=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=no
+ProtectHostname=yes
+ProtectKernelLogs=no
+ProtectKernelModules=yes
+ProtectKernelTunables=no
+ProtectProc=invisible
+ProtectSystem=no
+RestrictNamespaces=no
+RestrictRealtime=yes
+RestrictSUIDSGID=no
 
 [Install]
 WantedBy=multi-user.target