mirror of https://github.com/azlux/log2ram
Compare commits
10 Commits
0b6c103c70
...
e8b3ed3ee8
Author | SHA1 | Date |
---|---|---|
TubbyCat | e8b3ed3ee8 | |
Azlux | 81053ccd82 | |
spacemanspiff2007 | 2d22752e8a | |
TubbyCat | c449994e22 | |
TubbyCat | c7aef205b1 | |
TubbyCat | 7f2f8d20db | |
TubbyCat | 69bc7a5cbe | |
TubbyCat | 02e7e6bcbd | |
TubbyCat | e38c73e2d5 | |
TubbyCat | a378dd30cb |
|
@ -95,6 +95,10 @@ By default, Log2Ram writes to disk every day. If you think this is too much, you
|
|||
OnCalendar=
|
||||
OnCalendar=Mon *-*-* 23:55:00
|
||||
```
|
||||
|
||||
Note:
|
||||
The ``OnCalendar=`` is important because it disables all existing times (e.g. the default one) for log2ram.
|
||||
|
||||
... Or even disable it altogether with `systemctl disable log2ram-daily.timer`, if you instead prefer Log2Ram to be writing logs only on system stops/reboots.
|
||||
|
||||
#### Compressor
|
||||
|
|
|
@ -4,3 +4,20 @@ After=log2ram.service
|
|||
|
||||
[Service]
|
||||
ExecStart=/bin/systemctl reload log2ram.service
|
||||
|
||||
# Sandboxing
|
||||
LockPersonality=true
|
||||
MemoryDenyWriteExecute=true
|
||||
NoNewPriviliges=true
|
||||
PrivateDevices=true
|
||||
PrivateNetwork=true
|
||||
#May affect "Mail" in log2ram.conf.
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
RestrictSUIDSGID=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
|
|
|
@ -15,5 +15,25 @@ ExecReload=/usr/local/bin/log2ram write
|
|||
TimeoutStartSec=120
|
||||
RemainAfterExit=yes
|
||||
|
||||
# Sandboxing
|
||||
LockPersonality=true
|
||||
MemoryDenyWriteExecute=true
|
||||
NoNewPriviliges=true
|
||||
PrivateDevices=true
|
||||
PrivateNetwork=true
|
||||
#May break "MAIL" in log2ram.conf if it points to non-local web address.
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
RestrictSUIDSGID=true
|
||||
ProtectSystem=true
|
||||
# ALT: ProtectSystem=full # needs rw whitelisting for /var/hdd.log/
|
||||
ProtectHome=true
|
||||
#may cause breakage in situations wherein user has configured log2ram to also copy logs from $HOME.
|
||||
#can probably fix with systemctl edit to whitelist relevant dirs. See: ReadWritePaths=
|
||||
|
||||
[Install]
|
||||
WantedBy=sysinit.target
|
||||
|
|
Loading…
Reference in New Issue