Setup Chrony seccomp filter

Signed-off-by: Thien Tran <contact@tommytran.io>
This commit is contained in:
Thien Tran 2023-08-15 18:23:38 -07:00
parent f66bce02e9
commit 3ee9f7c9d1
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
4 changed files with 30 additions and 2 deletions

View File

@ -115,6 +115,14 @@
"source": "data:;base64,H4sIAAAAAAAC/4yQsU78MAyHdz9Fpf/cyxNkuL8OIVaO6oaqQ0hMz2pqB8cB+vYM1QmBGNh+0vf5GzwOTDbBCWtUKkbC/thM1mAUu6GkYKhwfDFUnyQuqIeK+kYR4RFfGylWz2jvoksvnInxYEFntC/84wzG874mGCqqVxGDe5VW9nkRXYjnEylGE928K8GuzsTtoT7KWqSiSzcD/t19YDxbUPOuVXXPxG4m60rLGX5h30N/1Vrp+gRPW0EvjPUqBjA+cLWQ8wSXwIbp/+bXlo36VlFvn/gMAAD//9CerLZjAQAA" "source": "data:;base64,H4sIAAAAAAAC/4yQsU78MAyHdz9Fpf/cyxNkuL8OIVaO6oaqQ0hMz2pqB8cB+vYM1QmBGNh+0vf5GzwOTDbBCWtUKkbC/thM1mAUu6GkYKhwfDFUnyQuqIeK+kYR4RFfGylWz2jvoksvnInxYEFntC/84wzG874mGCqqVxGDe5VW9nkRXYjnEylGE928K8GuzsTtoT7KWqSiSzcD/t19YDxbUPOuVXXPxG4m60rLGX5h30N/1Vrp+gRPW0EvjPUqBjA+cLWQ8wSXwIbp/+bXlo36VlFvn/gMAAD//9CerLZjAQAA"
} }
}, },
{
"overwrite": true,
"path": "/etc/sysconfig/chronyd",
"contents": {
"compression": "",
"source": "data:,%23%20Command-line%20options%20for%20chronyd%0AOPTIONS%3D%22-F%201%22%0A"
}
},
{ {
"overwrite": true, "overwrite": true,
"path": "/etc/unbound/unbound.conf", "path": "/etc/unbound/unbound.conf",

View File

@ -173,6 +173,12 @@ storage:
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- path: /etc/sysconfig/chronyd
overwrite: true
contents:
inline: |
# Command-line options for chronyd
OPTIONS="-F 1"
- path: /etc/unbound/unbound.conf - path: /etc/unbound/unbound.conf
overwrite: true overwrite: true
contents: contents:

View File

@ -108,12 +108,20 @@
"source": "data:,GSSAPIAuthentication%20no%0AVerifyHostKeyDNS%20yes%0A" "source": "data:,GSSAPIAuthentication%20no%0AVerifyHostKeyDNS%20yes%0A"
} }
}, },
{
"overwrite": true,
"path": "/etc/sysconfig/chronyd",
"contents": {
"compression": "",
"source": "data:,%23%20Command-line%20options%20for%20chronyd%0AOPTIONS%3D%22-F%201%22%0A"
}
},
{ {
"overwrite": true, "overwrite": true,
"path": "/etc/unbound/unbound.conf", "path": "/etc/unbound/unbound.conf",
"contents": { "contents": {
"compression": "gzip", "compression": "gzip",
"source": "data:;base64,H4sIAAAAAAAC/6xSQWvcPBC9768Q/s5jezfZ5MNQ6CWFQktL00uPE2lsD5ElZzTa1Pn1RbtdlyyFQqkNxp4373ne0ySSA0m3McaOEqN2pqo2G2MwawSVnBQw2DEK9OypM1VzQGk8PzQ5PMQcXFNY9SMt1caYV4TEQ0DPYejMQmljTOmER1ogUVAO5E9A4fkElkThIQdXftOQ2iYl35RqaiweYe7ZolKqreiZxfNIkjpTff7y6d37D3dv7r/df737eDQxsiMYVWfIiQRwoKDnYY4YuzKJLq+KRxMnD6/qB5LEMaxDOwoLYPhFRnEUAP0QwcXnMAg6ugA9ykDwlEmY0gUm1JMIephRxwssjfGYTp/4ZdXkIUQhsA56j2vKE36H7GY4dV61t7tSjC57AhtDz0NnqgN6dqhRDCtJeSnH9xRwIpg48MQJlWOApMJ2DS2HZwxKDoRmv4COQmmM3nVm256u0pQILM4J+ijAbs0rZh0ihwHm4mUmmVgLcXcNN/v91b70zCUEtav983dZm59CfZRnFAcvMVDZ2zJzZ6q6GDhjZTPynFQIp7PUGUPnpDPbuty7t//vr/5LZLOwLrX1MbveoxC4kGobp9/w2rr9C97upr3prm/b9vTottvtPxBp2z+L/AgAAP//qRxiA+IDAAA=" "source": "data:;base64,H4sIAAAAAAAC/6xSQWvcPBC9768Q/s5jezfZ5MNQ6CWFQktL00uPE2lsD5ElZzTa1Pn1RbtdlyyFQqkNxp4373ne0ySSA0m3McaOEqN2pqo2G2MwawSVnBQw2DEK9OypM1VzQGk8PzQ5PMQcXFNY9SMt1caYV4TEQ0DPYejMQmljTOmER1ogUVAO5E9A4fkElkThIQdXftOQ2iYl35RqaiweYe7ZolKqreiZxfNIkjpTff7y6d37D3dv7r/df737eDQxsiMYVWfIiQRwoKDnYY4YuzKJLq+KRxMnD6/qB5LEMaxDOwoLYPhFRnEUAP0QwcXnMAg6ugA9ykDwlEmY0gUm1JMIephRxwssjfGYTp/4ZdXkIUQhsA56j2vKE36H7GY4dV61t7tSjC57AhtDz0NnqgN6dqhRDCtJeSnH9xRwIpg48MQJlWOApMJ2DS2HZwxKDoRmv4COQmmM3nVm256u0pQILM4J+ijAbs0rZh0ihwHm4mUmmVgLcXcNN/v91b70zCUEtav983dZm59CfZRnFAcvMVDZ2zJzZ6q6GDhjZTPynFQIp7PUGUPnpDPbuty7t//vr/5LZLOwLrX1MbveoxC4kGobp9/w2rr9C97upr3prm/b9vTottvtPxBp2z+K9P3mRwAAAP//CV2iuOQDAAA="
} }
}, },
{ {

View File

@ -171,6 +171,12 @@ storage:
inline: | inline: |
GSSAPIAuthentication no GSSAPIAuthentication no
VerifyHostKeyDNS yes VerifyHostKeyDNS yes
- path: /etc/sysconfig/chronyd
overwrite: true
contents:
inline: |
# Command-line options for chronyd
OPTIONS="-F 1"
- path: /etc/unbound/unbound.conf - path: /etc/unbound/unbound.conf
overwrite: true overwrite: true
contents: contents:
@ -213,7 +219,7 @@ storage:
forward-addr: 1.1.1.2@853#security.cloudflare-dns.com forward-addr: 1.1.1.2@853#security.cloudflare-dns.com
forward-addr: 1.0.0.2@853#security.cloudflare-dns.com forward-addr: 1.0.0.2@853#security.cloudflare-dns.com
forward-addr: 2606:4700:4700::1112@853#security.cloudflare-dns.com forward-addr: 2606:4700:4700::1112@853#security.cloudflare-dns.com
forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.com forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.comff
- path: /etc/systemd/system/unbound.service.d/override.conf - path: /etc/systemd/system/unbound.service.d/override.conf
contents: contents:
inline: | inline: |