gentoo auto-resync : 27:07:2022 - 15:01:59

author: V3n3RiX <venerix@koprulu.sector> 2022-07-27 15:01:59 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2022-07-27 15:01:59 +0100
commit: d1d8adbfd346340c3784c72a9fa0868dde6ff736 (patch)
tree: e10785da8133e519147d7b5fdc5e3b634a041f8b /www-servers/apache/files
parent: d305208ca7a258fb77809f63c895764345c61919 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/www-servers/apache/files/apache2.4-hardened.service b/www-servers/apache/files/apache2.4-hardened.service
new file mode 100644
index 000000000000..fe66567e1e80
--- /dev/null
+++ b/www-servers/apache/files/apache2.4-hardened.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=The Apache HTTP Server
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/apache2
+ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND
+ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful
+ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop
+# We want systemd to give httpd some time to finish gracefully, but still want
+# it to kill httpd after TimeoutStopSec if something went wrong during the
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
+# httpd time to finish.
+KillSignal=SIGCONT
+PrivateTmp=true
+#Hardening
+CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_KILL CAP_NET_BIND_SERVICE CAP_IPC_LOCK
+SecureBits=noroot-locked
+ProtectSystem=full
+PrivateDevices=true
+MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target
author	V3n3RiX <venerix@koprulu.sector>	2022-07-27 15:01:59 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2022-07-27 15:01:59 +0100
commit	d1d8adbfd346340c3784c72a9fa0868dde6ff736 (patch)
tree	e10785da8133e519147d7b5fdc5e3b634a041f8b /www-servers/apache/files
parent	d305208ca7a258fb77809f63c895764345c61919 (diff)