init.d/service.fedora: Disable potentially-vulnerable kernel features

author: Nicolas Braud-Santoni <nicoo@debian.org> 2020-01-31 05:35:15 +0100
committer: Nicolas Braud-Santoni <nicolas@braud-santoni.eu> 2020-01-31 05:35:15 +0100
commit: 6f0da3041d921be632aecf4d945e3f072939a83b (patch)
tree: 4cf2fcdfaa40ddd659c9aff878a3b1a085fc43ef
parent: init.d/service.fedora: Protect the system (diff)
download: haveged-6f0da3041d921be632aecf4d945e3f072939a83b.tar.xz
haveged-6f0da3041d921be632aecf4d945e3f072939a83b.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/init.d/service.fedora b/init.d/service.fedora
index 2143a4f..5ce96de 100644
--- a/init.d/service.fedora
+++ b/init.d/service.fedora
@@ -20,6 +20,10 @@ ProtectHome=true
 ProtectHostname=true
 ProtectKernelLogs=true
 ProtectKernelModules=true
+RestrictNamespaces=true
+RestrictRealtime=true
+
+LockPersonality=true
 
 [Install]
 WantedBy=sysinit.target
author	Nicolas Braud-Santoni <nicoo@debian.org>	2020-01-31 05:35:15 +0100
committer	Nicolas Braud-Santoni <nicolas@braud-santoni.eu>	2020-01-31 05:35:15 +0100
commit	6f0da3041d921be632aecf4d945e3f072939a83b (patch)
tree	4cf2fcdfaa40ddd659c9aff878a3b1a085fc43ef
parent	init.d/service.fedora: Protect the system (diff)
download	haveged-6f0da3041d921be632aecf4d945e3f072939a83b.tar.xz haveged-6f0da3041d921be632aecf4d945e3f072939a83b.zip