1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
[Unit]
Description=vnStat network traffic monitor
Documentation=man:vnstatd(8) man:vnstat(1) man:vnstat.conf(5)
After=network.target
StartLimitIntervalSec=20
StartLimitBurst=4
[Service]
ExecStart=/usr/sbin/vnstatd --nodaemon
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=2
User=vnstat
# Hardening
CapabilityBoundingSet=
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
StateDirectory=vnstat
[Install]
WantedBy=multi-user.target
|
