chronyd-restricted.service
# This is a more restricted version of the chronyd service intended for
# minimal NTP/NTS client configurations. The daemon is started without root
# privileges and is allowed to write only to its own runtime, state, and log
# directories. It cannot bind to privileged ports in order to operate as an
# NTP server, or provide monitoring access over IPv4/IPv6. It cannot use
# reference clocks, HW timestamping, RTC tracking, and other features.

[Unit]
Description=NTP client (restricted)
Documentation=man:chronyd(8) man:chrony.conf(5)
After=chronyd.service ntpdate.service sntp.service ntpd.service
Conflicts=chronyd.service ntpd.service systemd-timesyncd.service
ConditionCapability=CAP_SYS_TIME

[Service]
Type=forking
PIDFile=/run/chrony/chronyd.pid
EnvironmentFile=-/etc/sysconfig/chronyd
ExecStart=/usr/sbin/chronyd -U $OPTIONS
SELinuxContext=system_u:system_r:chronyd_restricted_t:s0

User=chrony
LogsDirectory=chrony
LogsDirectoryMode=0750
RuntimeDirectory=chrony
RuntimeDirectoryMode=0750
RuntimeDirectoryPreserve=restart
StateDirectory=chrony
StateDirectoryMode=0750

AmbientCapabilities=CAP_SYS_TIME
CapabilityBoundingSet=CAP_SYS_TIME
DevicePolicy=closed
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
# This breaks adjtimex()
#PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
RemoveIPC=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io
SystemCallFilter=~@reboot @resources @swap
UMask=0077

[Install]
WantedBy=multi-user.target