add ssl exporter and ssh check for all debian/ubuntu based hosts

author: Christian Pointner <equinox@spreadspace.org> 2021-10-27 21:48:35 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2021-10-27 21:48:35 +0200
commit: ff8d7119453eeb57d2ec5ec677daa410cb1eaa1b (patch)
tree: 2a0a599d1a414ea03f1dcdd58a8ffb30bf5ee9a4 /roles/monitoring/prometheus/exporter/ssl
parent: promethues: improved job/target selection (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/monitoring/prometheus/exporter/ssl/templates/service.j2 b/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
index fdd754a4..f0e1be30 100644
--- a/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
+++ b/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
@@ -7,8 +7,8 @@ ExecStart=/usr/bin/prometheus-ssl-exporter --web.listen-address="127.0.0.1:9219"
 ExecReload=/bin/kill -HUP $MAINPID
 
 # systemd hardening-options
-AmbientCapabilities=
-CapabilityBoundingSet=
+AmbientCapabilities=CAP_DAC_READ_SEARCH
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH
 DeviceAllow=/dev/null rw
 DevicePolicy=strict
 LockPersonality=true
author	Christian Pointner <equinox@spreadspace.org>	2021-10-27 21:48:35 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2021-10-27 21:48:35 +0200
commit	ff8d7119453eeb57d2ec5ec677daa410cb1eaa1b (patch)
tree	2a0a599d1a414ea03f1dcdd58a8ffb30bf5ee9a4 /roles/monitoring/prometheus/exporter/ssl
parent	promethues: improved job/target selection (diff)