Exec Guardian
execguard/docs/SystemD.md


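[Unit]
# Template unit: %I expands to the unescaped instance name, so one file
# serves every instance started as NAME@INSTANCE.service.
Description=Executable Guardian for %I
# Ordering only; After= does not pull network.target in as a dependency.
After=network.target
# Start rate limit: at most 3 start attempts within 60 seconds. Once the
# limit is hit systemd stops restarting the guardian and the unit stays
# failed until it is reset or started by hand, so a crash loop leaves the
# host unguarded and should be alerted on.
StartLimitIntervalSec=60
StartLimitBurst=3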

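[Service]
# The instance name is handed to execguard as a long option: instance "foo"
# runs "/usr/local/bin/execguard --foo". Whoever is allowed to start
# instances of this unit therefore chooses that option.
ExecStart=/usr/local/bin/execguard --%I
# Restart after unclean exits, waiting 2 seconds between attempts.
Restart=on-failure
RestartSec=2
# Exit codes 0 and 4 are treated as success, and both also force a restart
# regardless of Restart=.
# NOTE(review): what exit code 4 means to execguard is not shown here; confirm.
SuccessExitStatus=0 4
RestartForceExitStatus=0 4

# Hardening

# Refuse memory mappings that are writable and executable at the same time.
MemoryDenyWriteExecute=true
# The service and its children cannot gain privileges through execve().
NoNewPrivileges=true
# Only system calls of the native ABI are permitted.
SystemCallArchitectures=native
# Deny setting the set-user-ID / set-group-ID bits on files.
RestrictSUIDSGID=yes
# Deny acquiring realtime scheduling.
RestrictRealtime=yes

# NOTE(review): with ProtectSystem= left disabled below, this line does not
# make the rest of the file system read-only; it only carves out a writable
# path once ProtectSystem=strict/full or ReadOnlyPaths= is in effect.
ReadWritePaths=/etc/execguard

# Options below are left disabled; the reasons are not recorded in this file.
# Re-test execguard after enabling any of them.
#ProtectProc=invisible
#ProtectSystem=no
#LockPersonality=no
#PrivateDevices=no
#ProtectKernelModules=no
#ProtectKernelTunables=no
#ProtectControlGroups=no
#ProtectClock=yes
#ProtectHostname=yes
#RestrictNamespaces=yes
#DevicePolicy=closed
#PrivateNetwork=no  # Don't enable!
#PrivateTmp=false   # Don't enable!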

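[Install]
# "systemctl enable" on an instance hooks it into the normal multi-user boot.
WantedBy=multi-user.target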