42 lines
901 B
Desktop File
42 lines
901 B
Desktop File
[Unit]
|
|
Description=Steffens Xxx/Rfs Webservice
|
|
After=network.target syslog.socket
|
|
StartLimitBurst=5
|
|
StartLimitIntervalSec=10
|
|
|
|
[Service]
|
|
Type=forking
|
|
User=steffen-xxx
|
|
Group=webapps
|
|
WorkingDirectory=/opt/xxx/app
|
|
ExecStart=/usr/bin/hypnotoad ./script/XxxApp
|
|
ExecReload=/usr/bin/hypnotoad ./script/XxxApp
|
|
Restart=on-failure
|
|
PIDFile=/run/xxx.pid
|
|
KillMode=process
|
|
|
|
# Optional hardening to improve security
|
|
ReadOnlyPaths=/opt/xxx
|
|
NoNewPrivileges=yes
|
|
MemoryDenyWriteExecute=true
|
|
PrivateDevices=yes
|
|
PrivateTmp=yes
|
|
ProtectHome=yes
|
|
#ProtectSystem=strict
|
|
ProtectControlGroups=true
|
|
#RestrictSUIDSGID=true
|
|
RestrictRealtime=true
|
|
LockPersonality=true
|
|
#ProtectKernelLogs=true
|
|
ProtectKernelTunables=true
|
|
#ProtectHostname=true
|
|
ProtectKernelModules=true
|
|
PrivateUsers=true
|
|
#ProtectClock=true
|
|
SystemCallArchitectures=native
|
|
SystemCallErrorNumber=EPERM
|
|
SystemCallFilter=@system-service
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|