fankes/beszel
2
0
Fork 0
mirror of https://github.com/fankes/beszel.git synced 2025-10-20 02:09:28 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

agent-install: add security options to systemd unit file

Browse Source
This commit is contained in:
Henry Dollman
2025-02-03 19:06:03 -05:00
parent ff5eb07716
commit 5a8e8c1512
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
supplemental/scripts/install-agent.sh
View File

@@ -470,8 +470,24 @@ Environment="KEY=$KEY"
# Environment="EXTRA_FILESYSTEMS=sdb" # Environment="EXTRA_FILESYSTEMS=sdb"
ExecStart=/opt/beszel-agent/beszel-agent ExecStart=/opt/beszel-agent/beszel-agent
User=beszel User=beszel
Restart=always Restart=on-failure
RestartSec=5 RestartSec=5
StateDirectory=beszel-agent
# Security/sandboxing settings
KeyringMode=private
LockPersonality=yes
NoNewPrivileges=yes
PrivateTmp=yes
ProtectClock=yes
ProtectHome=read-only
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RemoveIPC=yes
RestrictSUIDSGID=true
SystemCallArchitectures=native
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target