From 89f8d515746f459d7ca8e6261bd590bd1b4602bd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 04:58:04 +0200 Subject: Adding debian version 1.44.3-2. Signed-off-by: Daniel Baumann --- debian/netdata-core.netdata.service | 56 +++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 debian/netdata-core.netdata.service (limited to 'debian/netdata-core.netdata.service') diff --git a/debian/netdata-core.netdata.service b/debian/netdata-core.netdata.service new file mode 100644 index 00000000..fb62d077 --- /dev/null +++ b/debian/netdata-core.netdata.service @@ -0,0 +1,56 @@ +# netdata systemd target + +[Unit] +Description=netdata - Real-time performance monitoring +Documentation=man:netdata +Documentation=file:///usr/share/doc/netdata/html/index.html +Documentation=https://github.com/netdata/netdata +After=network-online.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service +ConditionPathExists=/etc/netdata/netdata.conf + +[Service] +Type=simple +Environment="netdata_LOG_LOCATION=/var/log/netdata/log" +ExecStart=/usr/sbin/netdata -D +TimeoutStopSec=10 +KillMode=mixed +KillSignal=SIGTERM +OOMScoreAdjust=-900 + +User=netdata +Group=netdata +Restart=on-abnormal +RestartSec=2s +LimitNOFILE=65536 + +WorkingDirectory=/tmp + +# Hardening + +NoNewPrivileges=false +PermissionsStartOnly=true +# CAP_SETGID is required for setgroups() +# CAP_NET_RAW is needed by fping, see #864370 +CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW CAP_AUDIT_WRITE +PrivateTmp=true +ProtectHome=read-only +ProtectSystem=full + +ReadOnlyDirectories=/ +ReadWriteDirectories=/dev +ReadWriteDirectories=/proc/self +ReadWriteDirectories=/var/cache/netdata +ReadWriteDirectories=/var/lib/netdata +ReadWriteDirectories=/var/log +ReadWriteDirectories=/var/spool +ReadWriteDirectories=/run + +RuntimeDirectory=netdata + +# Access to devices and kernel modules and tunables is required +PrivateDevices=no +ProtectKernelModules=no +ProtectKernelTunables=no + +[Install] +WantedBy=multi-user.target -- cgit v1.2.3