11 lines
353 B
Plaintext
11 lines
353 B
Plaintext
[Service]
|
|
PrivateDevices=yes
|
|
PrivateTmp=yes
|
|
ProtectHome=read-only
|
|
ProtectSystem=strict
|
|
ReadWritePaths=-/var/run/fail2ban
|
|
ReadWritePaths=-/var/lib/fail2ban
|
|
ReadWritePaths=-/var/log/fail2ban.log
|
|
ReadWritePaths=-/var/spool/postfix/maildrop
|
|
ReadWritePaths=-/run/xtables.lock
|
|
CapabilityBoundingSet=CAP_AUDIT_READ CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW |