forked from jengelh/openldap2
8644a7376a
- bsc#1202931 - CVE-2022-31253 - The OpenLDAP start script allowed the ldap user to escalate privileges to root due to unbounded chown commands. OBS-URL: https://build.opensuse.org/request/show/1031422 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=307
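# systemd unit for the OpenLDAP server daemon, started through the packaged
# wrapper script named in ExecStart= below.
[Unit]
Description=OpenLDAP Server Daemon
# Ordering only: After= does not pull these targets in, it just delays start
# until they are reached when they are part of the same transaction.
# NOTE(review): syslog.target is obsolete on current systemd releases; the
# entry looks harmless but can probably be dropped -- confirm.
After=syslog.target network.target

[Service]
# The start command is expected to daemonize; systemd treats the service as
# started once the initial process exits.
# NOTE(review): no PIDFile= is set, so systemd has to guess the main PID --
# confirm whether the daemon writes a pid file that could be named here.
Type=forking
# NOTE(review): no User=/Group= is set in this unit, so the wrapper starts as
# root and any privilege drop happens inside the script or the daemon. Per the
# changelog entry for CVE-2022-31253, chown calls in this start script let the
# ldap user escalate to root, so ownership changes made there need to stay
# narrowly scoped. The sandboxing below limits the damage; it does not replace
# the fix in the script.
ExecStart=/usr/lib/openldap/start

# Hardening to prevent security escalation.
## Future hardening for FS protection.
# Left disabled. With ProtectSystem=full, /usr, the boot loader directories
# and /etc are mounted read-only for the service, so the writable
# configuration directory under /etc has to be re-opened with ReadWritePaths=.
# Test configuration and database writes before enabling both lines together.
# ProtectSystem=full
# ReadWritePaths=/etc/openldap/slapd.d /var/lib/ldap

# Deny setting the set-user-ID / set-group-ID bits on files.
RestrictSUIDSGID=true
# Service processes and their children cannot gain privileges through
# execve(): setuid/setgid bits and file capabilities have no effect.
NoNewPrivileges=true
# Private /tmp and /var/tmp, not shared with other processes on the host.
PrivateTmp=true
# Private /dev holding only pseudo-devices such as /dev/null; no physical
# devices are reachable.
PrivateDevices=true
# Host name and NIS domain name cannot be changed.
ProtectHostname=true
# System and hardware clocks cannot be set.
ProtectClock=true
# Kernel tunables under /proc/sys, /sys and similar paths are read-only.
ProtectKernelTunables=true
# Explicit loading and unloading of kernel modules is denied.
ProtectKernelModules=true
# No access to the kernel log ring buffer.
ProtectKernelLogs=true
# The control group hierarchy under /sys/fs/cgroup is read-only.
ProtectControlGroups=true
# Memory mappings that are writable and executable at the same time are
# refused.
# NOTE(review): this breaks code that generates machine code at run time;
# confirm that no loaded module or overlay depends on it.
MemoryDenyWriteExecute=true

[Install]
# Enabling the unit hooks it into the normal multi-user boot target.
WantedBy=multi-user.target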