Limit the location where fail2ban service can write to (only /var/run/fail2ban).
This commit is contained in:
parent
c5f6a08750
commit
7e7392b8ad
|
@ -114,7 +114,11 @@ in
|
|||
mkdir -p /var/run/fail2ban -m 0755
|
||||
'';
|
||||
|
||||
serviceConfig.ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
|
||||
serviceConfig =
|
||||
{ ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
|
||||
ReadOnlyDirectories = "/";
|
||||
ReadWriteDirectories = "/var/run/fail2ban";
|
||||
};
|
||||
|
||||
postStart =
|
||||
''
|
||||
|
|
Loading…
Reference in New Issue