d6b54a3912
resolves: rhbz#2157805 imjournal: by default retrieves _PID from journal as PID number resolves: rhbz#2176397 Systemd service file hardening resolves: rhbz#2176403 rsyslog.conf: load imuxsock and imjournal before loading rsyslog.d resolves: rhbz#2165899 rsyslog is now started after the network service during boot resolves: rhbz#2074318 imjournal: add second fallback to the message identifier resolves: rhbv#2129015
37 lines
999 B
Desktop File
37 lines
999 B
Desktop File
[Unit]
|
|
Description=System Logging Service
|
|
;Requires=syslog.socket
|
|
Wants=network.target network-online.target
|
|
After=network.target network-online.target
|
|
Documentation=man:rsyslogd(8)
|
|
Documentation=https://www.rsyslog.com/doc/
|
|
|
|
[Service]
|
|
Type=notify
|
|
EnvironmentFile=-/etc/sysconfig/rsyslog
|
|
ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS
|
|
ExecReload=/usr/bin/kill -HUP $MAINPID
|
|
UMask=0066
|
|
StandardOutput=null
|
|
Restart=on-failure
|
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
|
RestrictNamespaces=net
|
|
NoNewPrivileges=yes
|
|
ProtectControlGroups=yes
|
|
ProtectHome=read-only
|
|
ProtectKernelModules=yes
|
|
ProtectKernelTunables=yes
|
|
RestrictSUIDSGID=yes
|
|
SystemCallArchitectures=native
|
|
SystemCallFilter=~@clock @debug @module @raw-io @reboot @swap @cpu-emulation @obsolete
|
|
LockPersonality=yes
|
|
MemoryDenyWriteExecute=yes
|
|
|
|
# Increase the default a bit in order to allow many simultaneous
|
|
# files to be monitored, we might need a lot of fds.
|
|
LimitNOFILE=16384
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
;Alias=syslog.service
|