⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.177
Server IP:
50.6.168.112
Server:
Linux server-617809.webnetzimbabwe.com 5.14.0-570.25.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jul 9 04:57:09 EDT 2025 x86_64
Server Software:
Apache
PHP Version:
8.4.10
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
self
/
root
/
lib
/
systemd
/
system
/
View File Name :
chronyd-restricted.service
# This is a more restricted version of the chronyd service intended for # minimal NTP/NTS client configurations. The daemon is started without root # privileges and is allowed to write only to its own runtime, state, and log # directories. It cannot bind to privileged ports in order to operate as an # NTP server, or provide monitoring access over IPv4/IPv6. It cannot use # reference clocks, HW timestamping, RTC tracking, and other features. [Unit] Description=NTP client (restricted) Documentation=man:chronyd(8) man:chrony.conf(5) After=chronyd.service ntpdate.service sntp.service ntpd.service Conflicts=chronyd.service ntpd.service systemd-timesyncd.service ConditionCapability=CAP_SYS_TIME [Service] Type=forking PIDFile=/run/chrony/chronyd.pid EnvironmentFile=-/etc/sysconfig/chronyd ExecStart=/usr/sbin/chronyd -U $OPTIONS SELinuxContext=system_u:system_r:chronyd_restricted_t:s0 User=chrony LogsDirectory=chrony LogsDirectoryMode=0750 RuntimeDirectory=chrony RuntimeDirectoryMode=0750 RuntimeDirectoryPreserve=restart StateDirectory=chrony StateDirectoryMode=0750 AmbientCapabilities=CAP_SYS_TIME CapabilityBoundingSet=CAP_SYS_TIME DevicePolicy=closed LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes PrivateTmp=yes # This breaks adjtimex() #PrivateUsers=yes ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes ProtectKernelLogs=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectProc=invisible ProtectSystem=strict RemoveIPC=yes RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io SystemCallFilter=~@reboot @resources @swap UMask=0077 [Install] WantedBy=multi-user.target