httpprocprobed/init/systemd.service

[Unit]
Description=HTTPProcProbeD
After=network.target

[Service]
Type=simple
DynamicUser=yes
Restart=on-failure
ExecStart=/usr/bin/httpprocprobed -c /etc/httpprocprobed.conf
ExecReload=kill -HUP $MAINPID

ReadOnlyPaths=/

AmbientCapabilities=
CapabilityBoundingSet=

LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target
Systemd service file was moved to init dir. Program renamed. Added all security tweaks used in other projects. 2022-10-10 00:06:35 +04:00			`[Unit]`
			`Description=HTTPProcProbeD`
			`After=network.target`

			`[Service]`
			`Type=simple`
			`DynamicUser=yes`
			`Restart=on-failure`
			`ExecStart=/usr/bin/httpprocprobed -c /etc/httpprocprobed.conf`
			`ExecReload=kill -HUP $MAINPID`

			`ReadOnlyPaths=/`

			`AmbientCapabilities=`
			`CapabilityBoundingSet=`

			`LockPersonality=true`
			`MemoryDenyWriteExecute=true`
			`NoNewPrivileges=true`
			`PrivateDevices=true`
			`ProtectClock=true`
			`ProtectControlGroups=true`
			`ProtectHome=true`
			`ProtectKernelLogs=true`
			`ProtectKernelModules=true`
			`ProtectKernelTunables=true`
			`ProtectSystem=strict`
			`RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX`
			`RestrictNamespaces=true`
			`RestrictRealtime=true`
			`RestrictSUIDSGID=true`
			`SystemCallArchitectures=native`

			`[Install]`
			`WantedBy=multi-user.target`