From 0bbc0c292e607f3a40017a23d237c5d44eb30783 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 6 May 2024 03:22:32 +0200 Subject: Adding debian version 1.12.0-1+deb10u1. Signed-off-by: Daniel Baumann --- debian/netdata-core.netdata.service | 52 +++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 debian/netdata-core.netdata.service (limited to 'debian/netdata-core.netdata.service') diff --git a/debian/netdata-core.netdata.service b/debian/netdata-core.netdata.service new file mode 100644 index 0000000..64bbabd --- /dev/null +++ b/debian/netdata-core.netdata.service @@ -0,0 +1,52 @@ +# netdata systemd target + +[Unit] +Description=netdata - Real-time performance monitoring +Documentation=man:netdata +Documentation=file:///usr/share/doc/netdata/html/index.html +Documentation=https://github.com/netdata/netdata +After=network-online.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service +ConditionPathExists=/etc/netdata/netdata.conf + +[Service] +Type=simple +Environment="netdata_LOG_LOCATION=/var/log/netdata/log" +ExecStart=/usr/sbin/netdata -D +TimeoutStopSec=10 +KillMode=mixed +KillSignal=SIGTERM +OOMScoreAdjust=-900 + +User=netdata +Group=netdata +Restart=on-abnormal +RestartSec=2s +LimitNOFILE=65536 + +WorkingDirectory=/tmp + +# Hardening + +NoNewPrivileges=false +PermissionsStartOnly=true +# CAP_SETGID is required for setgroups() +# CAP_NET_RAW is needed by fping, see #864370 +CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW +PrivateTmp=true +ProtectHome=read-only +ProtectSystem=full + +ReadOnlyDirectories=/ +ReadWriteDirectories=/proc/self +ReadWriteDirectories=/var + +# Access to devices and kernel modules and tunables is required +PrivateDevices=no +ProtectKernelModules=no +ProtectKernelTunables=no + +StandardOutput=syslog+console +StandardError=syslog+console + +[Install] +WantedBy=multi-user.target -- cgit v1.2.3