From f97420d43818388244988bb380dcc72c3b82a74d Mon Sep 17 00:00:00 2001
From: Ryan Kavanagh
Date: Tue, 3 Jan 2023 12:17:53 -0500
Subject: new he tunnel

---
 etc/systemd/system/he-ipv6-update.service | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

(limited to 'etc/systemd/system/he-ipv6-update.service')

diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service
index 1f379de..e265b60 100644
--- a/etc/systemd/system/he-ipv6-update.service
+++ b/etc/systemd/system/he-ipv6-update.service
@@ -4,16 +4,23 @@ After=network-online.target
 
 [Service]
 Type=oneshot
-ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=582358"
-NoNewPrivileges=yes # Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=801807"
+# Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+NoNewPrivileges=yes
 PermissionsStartOnly=true
-PrivateDevices=yes # Prevent access to /dev
-PrivateTmp=yes # Use dedicated /tmp
+# Prevent access to /dev
+PrivateDevices=yes
+# Use dedicated /tmp
+PrivateTmp=yes
 PrivateUsers=true
-ProtectHome=yes # Hide user homes
-ProtectKernelModules=yes # Prevent loading or reading kernel modules
-ProtectKernelTunables=yes # Prevent altering kernel tunables
-ProtectSystem=strict # strict or full, see docs
+# Hide user homes
+ProtectHome=yes
+# Prevent loading or reading kernel modules
+ProtectKernelModules=yes
+# Prevent altering kernel tunables
+ProtectKernelTunables=yes
+# strict or full, see docs
+ProtectSystem=strict
 
 [Install]
 WantedBy=network-online.target
-- 
cgit v1.2.3
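Review bot: The new `ExecStart=` line still carries the tunnelbroker credentials inside the URL, so once the `USERNAME:PASSWORD` placeholders are filled in they sit in a unit file under /etc/systemd/system (normally world-readable) and in curl's argv, where local users can typically read them from the process list while the request runs. Keep the secret in a root-only file and have curl read it from there, for example `ExecStart=curl --silent --fail --netrc-file /path/to/he-tunnel.netrc "https://ipv4.tunnelbroker.net/nic/update?hostname=801807"` (the path is a placeholder; a `LoadCredential=` entry would serve the same purpose where the installed systemd supports it). `--fail` is worth adding at the same time, because with `--silent` alone curl exits 0 on an HTTP error status and the oneshot unit reports success even when the update was rejected. The sandboxing directives in this section do not cover either point, and since it sets no `User=` or `DynamicUser=`, the request presumably still runs as root, which curl does not need.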