Merge #12102: Apply hardening measures in bitcoind systemd service file

79ddfad Apply hardening measurements in bitcoind systemd service file (Florian Schmaus)

Pull request description:

  Adds typical systemd hardening measurements for network services.

Tree-SHA512: 63e54d5a2e3e625c123c91e4392474226ec26c48709f2627f4d9d257a59f6960dd53ba4faa10cd355a89cad37fe351e2dbe8db79e681645b59081cf83e940438
Wladimir J. van der Laan 2018-03-14 14:47:49 +01:00
commit 7fb8fb43a6
No known key found for this signature in database
GPG key ID: 1E4AED62986CD25D

@ -19,7 +19,26 @@ User=bitcoin
Type=forking
PIDFile=/run/bitcoind/bitcoind.pid
Restart=on-failure
# Hardening measures
####################
# Provide a private /tmp and /var/tmp.
PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full
# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
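
Review bot: ProtectSystem=full only makes /usr, /boot and /etc read-only, so with this block the service can still reach home directories and every other path that User=bitcoin has permission to write. Consider adding ProtectHome=true next to PrivateTmp=true, since a daemon running as a dedicated system user should not need /home, /root or /run/user. Where the minimum supported systemd version allows it, ProtectSystem=strict combined with a ReadWritePaths= entry for the data directory and for /run/bitcoind (the PIDFile location) would narrow the writable surface further. It would also help to note in the comment block which systemd version the newer directives require, MemoryDenyWriteExecute= in particular, so packagers targeting older distributions know some of these lines may not be enforced there.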