
Merge c449994e22 into 5cd873123c

pull/195/merge
TubbyCat 1 月之前
committed by GitHub
父節點
當前提交
1ab2d9785e
沒有發現已知的金鑰在資料庫的簽署中 GPG 金鑰 ID: B5690EEEBB952194
共有 2 個檔案被更改,包括 37 行新增0 行删除
  1. +17
    -0
      log2ram-daily.service
  2. +20
    -0
      log2ram.service

+ 17
- 0
log2ram-daily.service 查看文件

@@ -5,3 +5,20 @@ Documentation=https://github.com/azlux/log2ram

[Service]
ExecStart=/bin/systemctl reload log2ram.service

# Sandboxing
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPriviliges=true
PrivateDevices=true
PrivateNetwork=true
#May affect "Mail" in log2ram.conf.
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
ProtectSystem=strict
ProtectHome=true
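Review bot: `NoNewPriviliges=true` in the added sandboxing block is misspelled; the systemd directive is `NoNewPrivileges=`. systemd skips unknown keys with only a log warning, so the unit would start without that restriction while appearing hardened. Change the line to `NoNewPrivileges=true`; the same typo is in the log2ram.service hunk. Running `systemd-analyze verify` on both unit files before merging would catch this kind of mistake. The `#May affect "Mail"` comment also reads as if it describes `ProtectClock=`; placing it above `PrivateNetwork=true` would make the intent clear.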

+ 20
- 0
log2ram.service 查看文件

@@ -16,5 +16,25 @@ ExecReload=/usr/local/bin/log2ram write
TimeoutStartSec=120
RemainAfterExit=yes

# Sandboxing
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPriviliges=true
PrivateDevices=true
PrivateNetwork=true
#May break "MAIL" in log2ram.conf if it points to non-local web address.
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
ProtectSystem=true
# ALT: ProtectSystem=full # needs rw whitelisting for /var/hdd.log/
ProtectHome=true
#may cause breakage in situations wherein user has configured log2ram to also copy logs from $HOME.
#can probably fix with systemctl edit to whitelist relevant dirs. See: ReadWritePaths=

[Install]
WantedBy=sysinit.target
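Review bot: Several of the added directives (`ProtectSystem=`, `ProtectHome=`, `PrivateDevices=`, `ProtectKernelTunables=`, `ProtectControlGroups=`) make systemd run the service in a private mount namespace, and mounts made inside it do not propagate to the host. The start command is outside this hunk, but if it mounts a tmpfs over /var/log, as the `/var/hdd.log/` comment suggests, other services would keep writing to the disk-backed directory while the unit still reports success. Before merging, confirm from the host with `findmnt /var/log` after a start. If the mount is missing, keep only the directives that do not set up a mount namespace, such as `LockPersonality=true`, `MemoryDenyWriteExecute=true`, `RestrictSUIDSGID=true` and a correctly spelled `NoNewPrivileges=true`.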
