Limit the location where fail2ban service can write to (only /var/run/fail2ban).

2013-07-25 15:48:00 +02:00 · 2013-07-25 15:48:00 +02:00 · 7e7392b8ad
commit 7e7392b8ad
parent c5f6a08750
1 changed files with 5 additions and 1 deletions
--- a/modules/services/security/fail2ban.nix
+++ b/modules/services/security/fail2ban.nix
@ -114,7 +114,11 @@ in
            mkdir -p /var/run/fail2ban -m 0755
          '';
-        serviceConfig.ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
+        serviceConfig =
          { ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
            ReadOnlyDirectories = "/";
            ReadWriteDirectories = "/var/run/fail2ban";
          };
        postStart =
          ''