diff options
Diffstat (limited to 'debian/rsyslog.service')
| -rw-r--r-- | debian/rsyslog.service | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/debian/rsyslog.service b/debian/rsyslog.service new file mode 100644 index 0000000..5f591b1 --- /dev/null +++ b/debian/rsyslog.service @@ -0,0 +1,34 @@ +[Unit] +Description=System Logging Service +Requires=syslog.socket +Documentation=man:rsyslogd(8) +Documentation=man:rsyslog.conf(5) +Documentation=https://www.rsyslog.com/doc/ + +[Service] +Type=notify +ExecStart=/usr/sbin/rsyslogd -n -iNONE +StandardOutput=null +Restart=on-failure + +# Increase the default a bit in order to allow many simultaneous +# files to be monitored, we might need a lot of fds. +LimitNOFILE=16384 + +CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_DAC_OVERRIDE CAP_LEASE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_SYSLOG +SystemCallFilter=@system-service +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectClock=yes +ProtectControlGroups=yes +ProtectHostname=yes + +[Install] +WantedBy=multi-user.target +Alias=syslog.service |