public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Limit the capabilities of what fail2ban service can do. Taken from ArchLinux wiki.

This commit is contained in:
Rob Vermaas 2013-07-25 20:03:29 +02:00
parent 7e7392b8ad
commit 6adfb647ff
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
modules/services/security/fail2ban.nix
View File

@ -118,6 +118,7 @@ in
{ ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f"; { ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
ReadOnlyDirectories = "/"; ReadOnlyDirectories = "/";
ReadWriteDirectories = "/var/run/fail2ban"; ReadWriteDirectories = "/var/run/fail2ban";
CapabilityBoundingSet="CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";
}; };
postStart = postStart =