diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:22:32 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:22:32 +0000 |
commit | 0bbc0c292e607f3a40017a23d237c5d44eb30783 (patch) | |
tree | 550fdcacb3ba2f56c4a9cf93cab9581fd9b3ab97 /debian/netdata-core.netdata.service | |
parent | Adding upstream version 1.12.0. (diff) | |
download | netdata-0bbc0c292e607f3a40017a23d237c5d44eb30783.tar.xz netdata-0bbc0c292e607f3a40017a23d237c5d44eb30783.zip |
Adding debian version 1.12.0-1+deb10u1.debian/1.12.0-1+deb10u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/netdata-core.netdata.service')
-rw-r--r-- | debian/netdata-core.netdata.service | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/debian/netdata-core.netdata.service b/debian/netdata-core.netdata.service new file mode 100644 index 0000000..64bbabd --- /dev/null +++ b/debian/netdata-core.netdata.service @@ -0,0 +1,52 @@ +# netdata systemd target + +[Unit] +Description=netdata - Real-time performance monitoring +Documentation=man:netdata +Documentation=file:///usr/share/doc/netdata/html/index.html +Documentation=https://github.com/netdata/netdata +After=network-online.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service +ConditionPathExists=/etc/netdata/netdata.conf + +[Service] +Type=simple +Environment="netdata_LOG_LOCATION=/var/log/netdata/log" +ExecStart=/usr/sbin/netdata -D +TimeoutStopSec=10 +KillMode=mixed +KillSignal=SIGTERM +OOMScoreAdjust=-900 + +User=netdata +Group=netdata +Restart=on-abnormal +RestartSec=2s +LimitNOFILE=65536 + +WorkingDirectory=/tmp + +# Hardening + +NoNewPrivileges=false +PermissionsStartOnly=true +# CAP_SETGID is required for setgroups() +# CAP_NET_RAW is needed by fping, see #864370 +CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW +PrivateTmp=true +ProtectHome=read-only +ProtectSystem=full + +ReadOnlyDirectories=/ +ReadWriteDirectories=/proc/self +ReadWriteDirectories=/var + +# Access to devices and kernel modules and tunables is required +PrivateDevices=no +ProtectKernelModules=no +ProtectKernelTunables=no + +StandardOutput=syslog+console +StandardError=syslog+console + +[Install] +WantedBy=multi-user.target |