Introduce systemd.exec restrictions for better security

etc/systemd/system/vsftpd.service.d/custom.conf

@@ -0,0 +1,13 @@
+[Service]
+ProtectSystem=strict
+PrivateTmp=true
+NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+InaccessiblePaths=/var/www/
+InaccessiblePaths=/root/