azlux/log2ram
1
0
Fork 0
mirror of https://github.com/azlux/log2ram synced 2024-11-23 13:56:30 +00:00
Code Issues Releases Wiki Activity

Compare commits

base: azlux:0d626d8d2f7ad4d24efa46525284ba08b5c9f6b3
Branches Tags
azlux:master
azlux:openrc-tests
azlux:testing
azlux:1.7.2
azlux:1.7b1
azlux:1.6.1
azlux:1.6.0
azlux:1.5.2
azlux:1.5.1
azlux:1.5
azlux:1.4.4
azlux:1.4.3
azlux:1.4.2
azlux:1.4.1
azlux:v1.4
azlux:v1.3
azlux:v1.2.2
azlux:v1.2.1
azlux:v1.2
azlux:v1.1
azlux:v1.0
...
compare: azlux:1ab2d9785e10f97a56da6bbdd8aebb13bbff5fde
Branches Tags
azlux:master
azlux:openrc-tests
azlux:testing
azlux:1.7.2
azlux:1.7b1
azlux:1.6.1
azlux:1.6.0
azlux:1.5.2
azlux:1.5.1
azlux:1.5
azlux:1.4.4
azlux:1.4.3
azlux:1.4.2
azlux:1.4.1
azlux:v1.4
azlux:v1.3
azlux:v1.2.2
azlux:v1.2.1
azlux:v1.2
azlux:v1.1
azlux:v1.0

9 Commits
0d626d8d2f ... 1ab2d9785e

Author SHA1 Message Date
TubbyCat
1ab2d9785e
Merge c449994e22 into 5cd873123c 2024-10-18 15:21:21 +08:00
melizasw
5cd873123c
Add Documentation links for systemd use. (#232) 2024-09-30 09:41:51 +02:00
TubbyCat
c449994e22
Update log2ram.service 2022-08-25 18:31:43 -04:00
TubbyCat
c7aef205b1
Update log2ram.service 2022-08-25 16:31:47 -04:00
TubbyCat
7f2f8d20db
Update log2ram-daily.service 2022-08-25 16:28:09 -04:00
TubbyCat
69bc7a5cbe
Update log2ram.service 2022-08-25 00:00:05 -04:00
TubbyCat
02e7e6bcbd
Update log2ram.service 2022-08-24 22:33:28 -04:00
TubbyCat
e38c73e2d5
Update log2ram.service 
untested. partial sandboxing.
 2022-08-24 22:32:40 -04:00
TubbyCat
a378dd30cb
Update log2ram-daily.service 2022-07-16 22:19:03 -04:00
2 changed files with 39 additions and 0 deletions
Show Stats Expand all files Collapse all files

18
log2ram-daily.service
View File

@ -1,6 +1,24 @@
[Unit] [Unit]
Description=Daily Log2Ram writing activities Description=Daily Log2Ram writing activities
After=log2ram.service After=log2ram.service
Documentation=https://github.com/azlux/log2ram
[Service] [Service]
ExecStart=/bin/systemctl reload log2ram.service ExecStart=/bin/systemctl reload log2ram.service
# Sandboxing
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPriviliges=true
PrivateDevices=true
PrivateNetwork=true
#May affect "Mail" in log2ram.conf.
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
ProtectSystem=strict
ProtectHome=true

21
log2ram.service
View File

@ -6,6 +6,7 @@ After=local-fs.target
Conflicts=shutdown.target reboot.target halt.target Conflicts=shutdown.target reboot.target halt.target
RequiresMountsFor=/var/log /var/hdd.log RequiresMountsFor=/var/log /var/hdd.log
IgnoreOnIsolate=yes IgnoreOnIsolate=yes
Documentation=https://github.com/azlux/log2ram
[Service] [Service]
Type=oneshot Type=oneshot
@ -15,5 +16,25 @@ ExecReload=/usr/local/bin/log2ram write
TimeoutStartSec=120 TimeoutStartSec=120
RemainAfterExit=yes RemainAfterExit=yes
# Sandboxing
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPriviliges=true
PrivateDevices=true
PrivateNetwork=true
#May break "MAIL" in log2ram.conf if it points to non-local web address.
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
ProtectSystem=true
# ALT: ProtectSystem=full # needs rw whitelisting for /var/hdd.log/
ProtectHome=true
#may cause breakage in situations wherein user has configured log2ram to also copy logs from $HOME.
#can probably fix with systemctl edit to whitelist relevant dirs. See: ReadWritePaths=
[Install] [Install]
WantedBy=sysinit.target WantedBy=sysinit.target