danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Hide PIDs for non-root users in proc mount

Browse Source
This commit is contained in:
Daniel Winzen
2021-04-17 11:13:00 +02:00
parent 86bf9230d0
commit 1d7d3ab924
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -86,6 +86,11 @@ tmpfs /tmp tmpfs defaults,noatime 0 0
tmpfs /var/log/nginx tmpfs rw,user,noatime 0 0 tmpfs /var/log/nginx tmpfs rw,user,noatime 0 0
``` ```
To harden the system and hide pids from non-root users, also add the following:
```
proc /proc proc defaults,hidepid=2 0 0
```
As time syncronisation is important, you should configure ntp servers in `/etc/systemd/timesyncd.conf` and make them match with the entries in `/etc/rc.local` iptables configuration As time syncronisation is important, you should configure ntp servers in `/etc/systemd/timesyncd.conf` and make them match with the entries in `/etc/rc.local` iptables configuration
Enable the PHP-FPM default instances and nginx: Enable the PHP-FPM default instances and nginx: