Limit the location where fail2ban service can write to (only /var/run/fail2ban).

Rob Vermaas 2013-07-25 15:48:00 +02:00
parent c5f6a08750
commit 7e7392b8ad
1 changed files with 5 additions and 1 deletions


@ -114,7 +114,11 @@ in
mkdir -p /var/run/fail2ban -m 0755
'';
serviceConfig.ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
serviceConfig =
{ ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
ReadOnlyDirectories = "/";
ReadWriteDirectories = "/var/run/fail2ban";
};
postStart =
''
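Review bot: The `ReadOnlyDirectories = "/"` restriction added to `serviceConfig` can be undone by the service itself if it keeps CAP_SYS_ADMIN, because a privileged process can remount paths inside its own mount namespace; the systemd.exec documentation recommends pairing these settings with a capability bound. Nothing in this hunk drops capabilities or sets an unprivileged user, so consider adding a line such as `CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";`, adjusted to what the configured ban actions actually need. It is also worth confirming that `/var/run/fail2ban` exists before the namespace is set up, since the `mkdir` sits in a script that begins above this hunk and may run under the same restrictions. Finally, check that fail2ban's log target is not a file outside the writable directory, otherwise logging would presumably fail silently or stop the server at start-up.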