A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
Jonathan Gilchrist jgilchrist
ageis
/ systemd_service_hardening.md
Last active
September 5, 2024 09:52
Options for hardening systemd service units
ryin
/ tmux_local_install.sh
Last active
August 20, 2024 19:45
bash script for installing tmux without root access
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Script for installing tmux on systems where you don't have root access. | |
| # tmux will be installed in $HOME/local/bin. | |
| # It's assumed that wget and a C/C++ compiler are installed. | |
| # exit on error | |
| set -e | |
| TMUX_VERSION=1.8 |