diff options
author | Michael Klishin <klishinm@vmware.com> | 2021-11-19 20:09:38 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-19 20:09:38 +0300 |
commit | 2483711505622d6e2393f4f967daac775d0e27cb (patch) | |
tree | d2b7d625f9852a7a6da7b8b796bb0d1b33c921df | |
parent | bc3cc6a8817663cddfcf93c5f6bd7b3ab3caf5d7 (diff) | |
parent | 23d5073dcbb54f1119aea02a41baf3d7ba2d60bb (diff) | |
download | rabbitmq-server-git-2483711505622d6e2393f4f967daac775d0e27cb.tar.gz |
Merge pull request #3770 from easyteacher/systemd-hardening
Add systemd hardening parameters in rabbitmq-server.service.example
-rw-r--r-- | deps/rabbit/docs/rabbitmq-server.service.example | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/deps/rabbit/docs/rabbitmq-server.service.example b/deps/rabbit/docs/rabbitmq-server.service.example index dec70eb635..69531b1ff6 100644 --- a/deps/rabbit/docs/rabbitmq-server.service.example +++ b/deps/rabbit/docs/rabbitmq-server.service.example @@ -5,6 +5,19 @@ After=network.target epmd@0.0.0.0.socket Wants=network.target epmd@0.0.0.0.socket [Service] +# Note: You *may* wish to uncomment the following lines to apply systemd +# hardening effort to RabbitMQ, to prevent your system from being illegally +# modified by undiscovered vulnerabilities in RabbitMQ. +# ProtectSystem=full +# ProtectHome=true +# PrivateDevices=true +# ProtectHostname=true +# ProtectClock=true +# ProtectKernelTunables=true +# ProtectKernelModules=true +# ProtectKernelLogs=true +# ProtectControlGroups=true +# RestrictRealtime=true Type=notify User=rabbitmq Group=rabbitmq |