From 23527d57b4df85f0f210f3a249d93a7fbbe98230 Mon Sep 17 00:00:00 2001
From: Gaming4JC
Date: Sun, 5 Mar 2017 10:03:05 -0500
Subject: basic i2p hardening
---
 pcr/i2p/i2prouter.service | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'pcr/i2p/i2prouter.service')
diff --git a/pcr/i2p/i2prouter.service b/pcr/i2p/i2prouter.service
index 7c278c833..2ac9c2304 100644
--- a/pcr/i2p/i2prouter.service
+++ b/pcr/i2p/i2prouter.service
@@ -14,6 +14,29 @@ SendSIGKILL=no
 ExecReload=/bin/kill -USR1 $MAINPID
 ExecStop=/bin/kill -TERM $MAINPID
 SuccessExitStatus=0 2 3
+PrivateTmp=yes
+PrivateDevices=yes
+ReadOnlyDirectories=/etc
+ReadOnlyDirectories=/usr
+ReadOnlyDirectories=/var/lib
+InaccessibleDirectories=-/root
+InaccessibleDirectories=-/media
+InaccessibleDirectories=-/boot
+InaccessibleDirectories=-/home
+InaccessibleDirectories=-/run/console
+InaccessibleDirectories=-/run/dbus
+InaccessibleDirectories=-/run/lock
+InaccessibleDirectories=-/run/mount
+InaccessibleDirectories=-/run/systemd/generator
+InaccessibleDirectories=-/run/systemd/system
+InaccessibleDirectories=-/run/systemd/users
+InaccessibleDirectories=-/run/udev
+InaccessibleDirectories=-/run/user
+InaccessibleDirectories=-/var/lib/dbus
+InaccessibleDirectories=-/var/lib/rpm
+InaccessibleDirectories=-/var/lib/systemd
+InaccessibleDirectories=-/var/lib/yum
+InaccessibleDirectories=-/var/spool
 
 [Install]
 WantedBy=multi-user.target
-- 
cgit v1.2.3
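Review bot: The added sandboxing is a hand-maintained path denylist and sets nothing that blocks privilege gain, so any path not listed stays reachable and setuid binaries under the read-only /usr remain usable. Consider adding `NoNewPrivileges=yes` and replacing the /etc, /usr, /boot, /home, /root and /run/user entries with `ProtectSystem=full` and `ProtectHome=yes`, which systemd keeps up to date for you. `ReadOnlyDirectories=/var/lib` has no matching `ReadWriteDirectories=` exception in this hunk; if the router keeps its state under /var/lib (not visible here) it will fail to write, so confirm the data directory before merging. The [Service] section begins above the hunk, so `User=` and any existing restrictions are not visible from here.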