Diffstat (limited to 'prometheus-ipmi-exporter.service')
-rw-r--r--prometheus-ipmi-exporter.service30
1 files changed, 29 insertions, 1 deletions
diff --git a/prometheus-ipmi-exporter.service b/prometheus-ipmi-exporter.service
index fefd63dbb3b6..632877fc8428 100644
--- a/prometheus-ipmi-exporter.service
+++ b/prometheus-ipmi-exporter.service
@@ -10,8 +10,36 @@ ExecReload=/bin/kill -HUP $MAINPID
User=ipmi-exporter
Group=ipmi-exporter
Restart=on-failure
+RestartSec=5s
+
NoNewPrivileges=true
-ProtectSystem=true
+LimitNOFILE=1048576
+UMask=0077
+
+ProtectSystem=strict
+ProtectHome=true
+PrivateUsers=yes
+PrivateTmp=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+CapabilityBoundingSet=
+AmbientCapabilities=
+
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target
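Review bot: `PrivateDevices=true` gives the service a private /dev without the host's IPMI device nodes, so with the empty `CapabilityBoundingSet=` and `PrivateUsers=yes` the exporter can presumably only reach BMCs over the network, which `RestrictAddressFamilies=` still allows. The page does not show whether local in-band collection is meant to work with this unit. If remote-only is intended, say so above that line, e.g. `# Remote (LAN) IPMI only: PrivateDevices= hides /dev/ipmi*, local in-band collection is not available`, so nobody relaxes the sandbox piecemeal later. The two `SystemCallFilter=` lines also kill the process on a denied call by default; adding `SystemCallErrorNumber=EPERM` would make a filter miss show up as a logged error rather than a restart loop under `Restart=on-failure`.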