blob: c673dff62835d2e61c3454e7cce6bc5c40a1cf7b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
[Unit]
Description=Hellpot
[Service]
Type=simple
User=hellpot
Group=hellpot
WorkingDirectory=/etc/hellpot
ExecStart=/usr/bin/hellpot
ProtectSystem=strict
ProtectHome=on
ReadWritePaths=/run/hellpot/ /var/log/hellpot/
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_PTRACE CAP_SYS_TIME CAP_NET_ADMIN CLONE_NEWUSER CAP_SYS_NICE CAP_SYS_RESOURCE CAP_KILL
PrivateUsers=on
PrivateDevices=on
DeviceAllow=
ProtectClock=on
ProtectKernelTunables=on
ProtectKernelModules=on
ProtectKernelLogs=on
ProtectControlGroups=on
PrivateTmp=on
NoNewPrivileges=on
RestrictSUIDSGID=on
RestrictNamespaces=uts ipc pid user cgroup
PrivateNetwork=off
[Install]
WantedBy=multi-user.target
|