From fc8011de2ec25c56daae82af01d70828ce133d22 Mon Sep 17 00:00:00 2001
From: Jelle van der Waa <jelle@vdwaa.nl>
Date: Sat, 19 Jan 2019 21:27:06 +0100
Subject: [PATCH] Harden kanboard cron service

---
 roles/kanboard/templates/kanboard-cron.service | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/kanboard/templates/kanboard-cron.service b/roles/kanboard/templates/kanboard-cron.service
index 845c7641..b2508ed0 100644
--- a/roles/kanboard/templates/kanboard-cron.service
+++ b/roles/kanboard/templates/kanboard-cron.service
@@ -6,3 +6,12 @@ User=kanboard
 Type=oneshot
 WorkingDirectory={{kanboard_dir}}
 ExecStart=/usr/bin/php ./cli cron
+
+NoNewPrivileges=true
+TimeoutStartSec=3600
+
+ProtectHome=true
+ProtectSystem=full
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true