A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
ProtectHome=read-only
ProtectControlGroups=yes
ProtectKernelModules=yes
Dmitri Muntean dmuntean
dmuntean
/ systemd_service_hardening.md
Created
November 13, 2018 04:07
— forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units
dmuntean
/ awspsv.py
Created
September 19, 2018 11:22
— forked from hemebond/awspsv.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # 2018-02-15 Updated to be compatible with Salt-Cloud 2017.7.3 | |
| import sys | |
| import os.path | |
| import yaml | |
| import boto3 | |
| import salt.config |
dmuntean
/ 0_article.md
Created
September 19, 2018 11:15
— forked from hemebond/0_article.md
A SaltStack AWS Auto Scaling Solution
The AWS Auto Scaling Goup, configured with a customised Cloud-Init file, sends a notification to an SNS Topic, which in turn passes it onto an SQS queue that the Salt Master is subscribed to. A Reactor watches for the auto scaling events and pre-approves the new minion based on its Auto Scaling group name and instance ID.
dmuntean
/ gist:0ed5517110b80b07349efdcdbcde3a67
Created
September 11, 2017 03:44
— forked from j3j5/gist:8b3e48ccad746b90a54a
Adyen Test Card Numbers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Adyen Test Card Numbers | |
| These cards are only valid on our TEST system and they will never involve any actual transaction or transfer of funds. The TEST card numbers will not work on the Adyen LIVE Platform. | |
| For all cards use the following expiration and CVV2/CVC2/or CID for Amex. | |
| For all cards: | |
| Expiration Dates CVV2 / CVC3 CID (American Express) | |
| 08/2018 OR 10/2020 737 7373 |
dmuntean
/ ideal ops.md
Created
August 22, 2012 01:40
— forked from bhenerey/ideal ops.md
ideal ops checklist
In a perfect world, where things are done well, not just quickly, I would expect to find the following when joining the company:
Documentation
-
Accurate / up-to-date systems architecture diagram
-
Accurate / up-to-date network diagram
-
Out-of-hours support plan
-
Incident management plan