-rw-r--r-- | roles/monitoring/prometheus/exporter/nftables/templates/service.j2 | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/roles/monitoring/prometheus/exporter/nftables/templates/service.j2 b/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
index b22d9582..ad67b0cf 100644
--- a/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
+++ b/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
@@ -1,12 +1,10 @@
 [Unit]
 Description=Prometheus nftables exporter
-After=systemd-modules-load.service
 [Service]
 Restart=always
 User=prometheus-exporter
 ExecStart=/usr/bin/prometheus-nftables-exporter --config=/etc/prometheus/exporter/nftables/config.yml
-ExecReload=/bin/kill -HUP $MAINPID
 # systemd hardening-options
 AmbientCapabilities=CAP_NET_ADMIN
@@ -16,6 +14,7 @@ DevicePolicy=strict
 LockPersonality=true
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
+PrivateDevices=true
 PrivateTmp=true
 ProtectControlGroups=true
 ProtectHome=true |
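Review bot: The added `PrivateDevices=true` in the second hunk overlaps with the `DevicePolicy=strict` shown in that hunk's header context, and the template does not say how the two are meant to combine. Per systemd.exec(5), PrivateDevices implies `DevicePolicy=closed` only when no policy is set explicitly, so the strict policy presumably stays in force and the pseudo devices in the private /dev remain blocked unless a `DeviceAllow=` line outside the hunk permits them. I would add a comment above the new line, for example `# private /dev in addition to DevicePolicy=strict; the exporter is not expected to open device nodes`, and confirm on a deployed host that the service still starts with `User=prometheus-exporter`. The same man page notes that this setting may be impossible to apply where mount namespaces are unavailable, so the cgroup device policy should stay as the primary control. The hardening list continues outside the hunk on both sides.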