Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improve security of rest-server.service by restricting network access
This patch improves the overall security assessment score given by `systemd-analyze security rest-server.service` from "1.3 OK" to "0.6 SAFE" (when using systemd-analyze version 253) * Remove `AF_INET AF_INET6` from RestrictAddressFamilies. Sockets originating from socket activation are not affected by the systemd directive RestrictAddressFamilies. See systemd.exec man page. * Add `PrivateNetwork=yes` as recommended for socket-activated services in the systemd.socket man page * Add dependency on rest-server.socket Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
- Loading branch information