Systemd service file was moved to init dir. Program renamed. Added all security tweaks used in other projects.

contrib/systemd/httpprocwatchd.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=HTTPProcWatchD
-After=network.target
-
-[Service]
-Type=simple
-DynamicUser=yes
-Restart=on-failure
-ExecStart=/usr/bin/httpprocwatchd --config /etc/httpprocwatchd/config.conf
-ExecReload=kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target

init/systemd.service

@@ -0,0 +1,35 @@
+[Unit]
+Description=HTTPProcProbeD
+After=network.target
+
+[Service]
+Type=simple
+DynamicUser=yes
+Restart=on-failure
+ExecStart=/usr/bin/httpprocprobed -c /etc/httpprocprobed.conf
+ExecReload=kill -HUP $MAINPID
+
+ReadOnlyPaths=/
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target