mirror of https://github.com/azlux/log2ram
Compare commits
9 Commits
f4a5af86fe
...
0b6c103c70
Author | SHA1 | Date |
---|---|---|
TubbyCat | 0b6c103c70 | |
Azlux | 1a61e1eea5 | |
TubbyCat | c449994e22 | |
TubbyCat | c7aef205b1 | |
TubbyCat | 7f2f8d20db | |
TubbyCat | 69bc7a5cbe | |
TubbyCat | 02e7e6bcbd | |
TubbyCat | e38c73e2d5 | |
TubbyCat | a378dd30cb |
|
@ -22,7 +22,7 @@ _____
|
|||
### Via APT (recommended)
|
||||
|
||||
```bash
|
||||
echo "deb [signed-by=/usr/share/keyrings/azlux-archive-keyring.gpg] http://packages.azlux.fr/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/azlux.list
|
||||
echo "deb [signed-by=/usr/share/keyrings/azlux-archive-keyring.gpg] http://packages.azlux.fr/debian/ bookworm main" | sudo tee /etc/apt/sources.list.d/azlux.list
|
||||
sudo wget -O /usr/share/keyrings/azlux-archive-keyring.gpg https://azlux.fr/repo.gpg
|
||||
sudo apt update
|
||||
sudo apt install log2ram
|
||||
|
|
|
@ -4,3 +4,20 @@ After=log2ram.service
|
|||
|
||||
[Service]
|
||||
ExecStart=/bin/systemctl reload log2ram.service
|
||||
|
||||
# Sandboxing
|
||||
LockPersonality=true
|
||||
MemoryDenyWriteExecute=true
|
||||
NoNewPriviliges=true
|
||||
PrivateDevices=true
|
||||
PrivateNetwork=true
|
||||
#May affect "Mail" in log2ram.conf.
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
RestrictSUIDSGID=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
|
|
|
@ -15,5 +15,25 @@ ExecReload=/usr/local/bin/log2ram write
|
|||
TimeoutStartSec=120
|
||||
RemainAfterExit=yes
|
||||
|
||||
# Sandboxing
|
||||
LockPersonality=true
|
||||
MemoryDenyWriteExecute=true
|
||||
NoNewPriviliges=true
|
||||
PrivateDevices=true
|
||||
PrivateNetwork=true
|
||||
#May break "MAIL" in log2ram.conf if it points to non-local web address.
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
RestrictSUIDSGID=true
|
||||
ProtectSystem=true
|
||||
# ALT: ProtectSystem=full # needs rw whitelisting for /var/hdd.log/
|
||||
ProtectHome=true
|
||||
#may cause breakage in situations wherein user has configured log2ram to also copy logs from $HOME.
|
||||
#can probably fix with systemctl edit to whitelist relevant dirs. See: ReadWritePaths=
|
||||
|
||||
[Install]
|
||||
WantedBy=sysinit.target
|
||||
|
|
Loading…
Reference in New Issue