Cheat Sheet logoCheat Sheet Today
Linux systemd Service Files Cheat Sheet/Basic sandboxing example

Apply a few common hardening options.

Back to sheetBrowse commands
Sign in to save
Section: Restart Policy, Types, Hardening

Basic sandboxing example

ini
ini
[Service]
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/myapp
Explanation

A starting point for service hardening.

View in sheet →

Learn the surrounding workflow

Compare similar commands or jump into common fixes when this command is part of a bigger troubleshooting path.

Compare commandsView fixes

Related commands

Same sheet · prioritizing Restart Policy, Types, Hardening
Restart on failure
Automatic restart policy.
OpenIn sheetinisame section
One-shot service type
Configure a one-time task service.
OpenIn sheetinisame section
Use Type=notify
Service signals readiness to systemd.
OpenIn sheetinisame section
Limit Linux capabilities
Reduce privilege scope.
OpenIn sheetinisame section
Evaluate unit hardening
Score a custom service for security posture.
OpenIn sheetbashsame section
Create custom service file
Open a new service file under /etc/systemd/system.
OpenIn sheetbash1 tag match