From 52536b2675c3f2ef816b6e59d2be958197d63ff5 Mon Sep 17 00:00:00 2001 From: nxshock Date: Thu, 28 Dec 2023 18:40:38 +0500 Subject: [PATCH] More systemd hardening --- gonx.service | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gonx.service b/gonx.service index a7d874f..545e22d 100644 --- a/gonx.service +++ b/gonx.service @@ -37,6 +37,9 @@ RestrictRealtime=true RestrictSUIDSGID=true SystemCallArchitectures=native UMask=0027 +ProtectProc=noaccess +ProcSubset=pid +SystemCallFilter=~@clock @swap @reboot @raw-io @privileged @obsolete @mount @module @debug @cpu-emulation [Install] WantedBy=multi-user.target
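Review bot: The added SystemCallFilter= line is a deny list only, so every system call outside the ten listed groups stays permitted, including any introduced by later kernels. Consider putting an allow list first, `SystemCallFilter=@system-service`, and keeping the `~` line after it to subtract groups; systemd merges multiple SystemCallFilter= lines, and the first one sets the default action. Unless SystemCallErrorNumber= is set elsewhere in the unit, a filtered call terminates the process with SIGSYS instead of returning an error, so `SystemCallErrorNumber=EPERM` is worth adding if a hard kill is not intended. On `ProcSubset=pid`: it hides everything in /proc outside the per-process directories (for example /proc/sys), so confirm the service reads nothing there before merging.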