[Unit]
# %i is systemd's instance-name specifier. Its use here suggests this file is
# installed as a template unit (name@.service), one instance per PowerDNS
# configuration -- confirm against the installed file name.
Description=PowerDNS Authoritative Server %i
Documentation=man:pdns_server(1) man:pdns_control(1)
Documentation=https://doc.powerdns.com
# Wants= pulls in network-online.target as a weak dependency; After= only
# orders this unit behind the listed targets. time-sync.target is ordered
# against but not pulled in by this unit.
Wants=network-online.target
After=network-online.target time-sync.target
# Starting this unit stops named.service and vice versa. Presumably both would
# otherwise compete for the same DNS listening sockets -- verify on the host.
Conflicts=named.service
[Service]
# Runs pdns_server in the foreground (--daemon=no, --guardian=no) so systemd
# supervises the process directly. --config-name=%i selects the per-instance
# configuration. Syslog, log timestamps and the pid file are switched off on
# the command line; presumably the journal supplies those -- confirm.
ExecStart=/usr/sbin/pdns_server --config-name=%i --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
SyslogIdentifier=pdns_server-%i
# The daemon starts as the unprivileged named account, not root, so the only
# elevated rights it holds are the ambient capabilities granted below.
User=named
Group=named
# Type=notify: the instance counts as started only after the daemon reports
# readiness to systemd.
Type=notify
# Restart after any unclean exit, one second later. StartLimitInterval=0
# turns off start rate limiting, so a crash-looping instance is restarted
# indefinitely. NOTE(review): repeated crashes of a network-facing daemon are
# worth alerting on; watch the restart count in monitoring.
# NOTE(review): StartLimitInterval= is the legacy spelling of
# StartLimitIntervalSec= (a [Unit] setting on current systemd) -- confirm the
# target systemd version still honours it here.
Restart=on-failure
RestartSec=1
StartLimitInterval=0
# systemd creates /run/pdns owned by User=/Group= and removes it when the
# service stops. NOTE(review): every instance of this unit shares this one
# directory; confirm that stopping one instance does not remove sockets that
# another instance is still using.
RuntimeDirectory=pdns
# Sandboxing
# CapabilityBoundingSet= caps what the process can ever hold;
# AmbientCapabilities= hands the same two capabilities to the non-root
# process. CAP_NET_BIND_SERVICE permits binding ports below 1024.
# NOTE(review): CAP_CHOWN permits changing the ownership of any file the
# process can reach. Confirm the daemon still needs it; if not, drop it from
# both lines.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
# The process and its children cannot gain privileges through execve()
# (setuid/setgid bits, file capabilities).
NoNewPrivileges=true
# Private /dev containing only pseudo-devices; no access to physical devices.
PrivateDevices=true
# Private /tmp and /var/tmp, not shared with other processes on the host.
PrivateTmp=true
# Setting PrivateUsers=true prevents us from opening our sockets
# /home, /root and /run/user are inaccessible to the service.
ProtectHome=true
# ProtectSystem=full will disallow write access to /etc and /usr, possibly
# not being able to write slaved-zones into sqlite3 or zonefiles.
# NOTE(review): with "full", paths outside /usr, /boot, /efi and /etc (for
# example /var) remain writable. ProtectSystem=strict plus explicit
# ReadWritePaths= for the zone/database directories would be tighter --
# evaluate against where this deployment stores its data.
ProtectSystem=full
# Only Unix-domain and IPv4/IPv6 sockets may be created; other families such
# as AF_NETLINK and AF_PACKET are refused.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# Only system calls of the native ABI are permitted.
SystemCallArchitectures=native
# Device cgroup policy: only the standard pseudo-devices are accessible.
DevicePolicy=closed
# Not enabled by default because it does not play well with LuaJIT
# NOTE(review): while this stays off, the process may create mappings that are
# both writable and executable. Enable it if the installed pdns_server build
# does not use LuaJIT.
# MemoryDenyWriteExecute=true
# NOTE(review): this unit sets no SystemCallFilter=, ProtectKernelTunables=,
# ProtectKernelModules=, ProtectControlGroups=, RestrictNamespaces=,
# LockPersonality= or RestrictRealtime=. They are candidates for further
# hardening; `systemd-analyze security` on the instance shows the remaining
# exposure. Test each one before enabling it in production.
[Install]
# Enabling the unit hooks it into multi-user.target, so it is started during
# a normal (non-rescue) boot.
WantedBy=multi-user.target