4d9421aa33
Fix wrong type conversion in cstrLen() resolves: rhbz#2157804 imjournal: by default retrieves _PID from journal as PID number resolves: rhbz#2176398 Systemd service file hardening resolves: rhbz#2176404
36 lines
960 B
Desktop File
36 lines
960 B
Desktop File
[Unit]
|
|
Description=System Logging Service
|
|
;Requires=syslog.socket
|
|
Wants=network.target network-online.target
|
|
After=network.target network-online.target
|
|
Documentation=man:rsyslogd(8)
|
|
Documentation=https://www.rsyslog.com/doc/
|
|
|
|
[Service]
|
|
Type=notify
|
|
EnvironmentFile=-/etc/sysconfig/rsyslog
|
|
ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS
|
|
UMask=0066
|
|
StandardOutput=null
|
|
Restart=on-failure
|
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
|
RestrictNamespaces=net
|
|
NoNewPrivileges=yes
|
|
ProtectControlGroups=yes
|
|
ProtectHome=read-only
|
|
ProtectKernelModules=yes
|
|
ProtectKernelTunables=yes
|
|
RestrictSUIDSGID=yes
|
|
SystemCallArchitectures=native
|
|
SystemCallFilter=~@clock @debug @module @raw-io @reboot @swap @cpu-emulation @obsolete
|
|
LockPersonality=yes
|
|
MemoryDenyWriteExecute=yes
|
|
|
|
# Increase the default a bit in order to allow many simultaneous
|
|
# files to be monitored, we might need a lot of fds.
|
|
LimitNOFILE=16384
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
;Alias=syslog.service
|