mirror of https://github.com/azlux/log2ram synced 2024-11-23 13:56:30 +00:00

Compare commits


8 Commits

Author SHA1 Message Date
TubbyCat
4dbafc31ae
Merge c449994e22 into 12075982ca 2024-07-07 00:07:02 +02:00
TubbyCat
c449994e22
Update log2ram.service 2022-08-25 18:31:43 -04:00
TubbyCat
c7aef205b1
Update log2ram.service 2022-08-25 16:31:47 -04:00
TubbyCat
7f2f8d20db
Update log2ram-daily.service 2022-08-25 16:28:09 -04:00
TubbyCat
69bc7a5cbe
Update log2ram.service 2022-08-25 00:00:05 -04:00
TubbyCat
02e7e6bcbd
Update log2ram.service 2022-08-24 22:33:28 -04:00
TubbyCat
e38c73e2d5
Update log2ram.service
untested. partial sandboxing.
2022-08-24 22:32:40 -04:00
TubbyCat
a378dd30cb
Update log2ram-daily.service 2022-07-16 22:19:03 -04:00
2 changed files with 37 additions and 0 deletions


@ -4,3 +4,20 @@ After=log2ram.service
[Service]
ExecStart=/bin/systemctl reload log2ram.service
# Sandboxing
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPriviliges=true
PrivateDevices=true
PrivateNetwork=true
#May affect "Mail" in log2ram.conf.
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
ProtectSystem=strict
ProtectHome=true
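Review bot: `NoNewPriviliges=true` is misspelled, so systemd treats it as an unknown key, logs a warning and ignores it; the unit then runs without the no-new-privileges restriction this block is meant to add. The line should read `NoNewPrivileges=true`, and the same typo appears in the second file section (the hunk that ends at `WantedBy=sysinit.target`). Since the commit message describes the change as untested, running `systemd-analyze verify` on both units before merging would surface unknown keys like this one. The `#May affect "Mail"` comment would also read more clearly placed above `PrivateNetwork=true`, the directive it describes.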


@ -15,5 +15,25 @@ ExecReload=/usr/local/bin/log2ram write
TimeoutStartSec=120
RemainAfterExit=yes
# Sandboxing
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPriviliges=true
PrivateDevices=true
PrivateNetwork=true
#May break "MAIL" in log2ram.conf if it points to non-local web address.
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
ProtectSystem=true
# ALT: ProtectSystem=full # needs rw whitelisting for /var/hdd.log/
ProtectHome=true
#may cause breakage in situations wherein user has configured log2ram to also copy logs from $HOME.
#can probably fix with systemctl edit to whitelist relevant dirs. See: ReadWritePaths=
[Install]
WantedBy=sysinit.target
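Review bot: `ProtectSystem=`, `ProtectHome=` and `PrivateDevices=` each place the service in its own mount namespace, and mounts made inside that namespace do not propagate back to the host. The unit's ExecStart line is outside this hunk, but if it is what mounts the RAM-backed log directory, that mount would likely be visible only to this unit while every other process keeps writing to disk, so this needs a real test before merge. Separately, the comment on the `# ALT: ProtectSystem=full` line looks inaccurate: `full` only adds `/etc` to the read-only set, whereas `strict` is the mode that makes `/var` read-only and needs `ReadWritePaths=`. I would reword it to `# ALT: ProtectSystem=strict # needs ReadWritePaths= for /var/hdd.log/ and the log directory`.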