From ff8d7119453eeb57d2ec5ec677daa410cb1eaa1b Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 27 Oct 2021 21:48:35 +0200
Subject: add ssl exporter and ssh check for all debian/ubuntu based hosts

---
 roles/monitoring/prometheus/exporter/ssl/templates/service.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'roles/monitoring/prometheus/exporter/ssl/templates/service.j2')

diff --git a/roles/monitoring/prometheus/exporter/ssl/templates/service.j2 b/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
index fdd754a4..f0e1be30 100644
--- a/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
+++ b/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
@@ -7,8 +7,8 @@ ExecStart=/usr/bin/prometheus-ssl-exporter --web.listen-address="127.0.0.1:9219"
 ExecReload=/bin/kill -HUP $MAINPID
 
 # systemd hardening-options
-AmbientCapabilities=
-CapabilityBoundingSet=
+AmbientCapabilities=CAP_DAC_READ_SEARCH
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH
 DeviceAllow=/dev/null rw
 DevicePolicy=strict
 LockPersonality=true
-- 
cgit v1.2.3