new(scrips): improve systemd units for rpm and debian.

Unify them; plus, rework systemd units to support eBPF too.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

scripts/systemd/falco-ebpf.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Falco: Container Native Runtime Security with ebpf
+Documentation=https://falco.org/docs/
+PartOf=falco@ebpf.target
+Conflicts=falco-kmod.service
+
+[Service]
+Type=simple
+User=root
+Environment=FALCO_BPF_PROBE=
+ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
+UMask=0077
+TimeoutSec=30
+RestartSec=15s
+Restart=on-failure
+PrivateTmp=true
+NoNewPrivileges=yes
+ProtectHome=read-only
+ProtectSystem=full
+ProtectKernelTunables=true
+RestrictRealtime=true
+RestrictAddressFamilies=~AF_PACKET
+StandardOutput=null

scripts/systemd/falco-kmod-inject.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Falco: Container Native Runtime Security with kmod, inject.
+Documentation=https://falco.org/docs/
+PartOf=falco@kmod.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User=root
+ExecStart=/sbin/modprobe falco
+ExecStop=/sbin/rmmod falco

scripts/systemd/falco-kmod.service

@@ -0,0 +1,25 @@
+[Unit]
+Description=Falco: Container Native Runtime Security with kmod
+Documentation=https://falco.org/docs/
+After=falco-kmod-inject.service
+Requires=falco-kmod-inject.service
+PartOf=falco@kmod.target
+Conflicts=falco-ebpf.service
+
+[Service]
+Type=simple
+User=root
+ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
+UMask=0077
+TimeoutSec=30
+RestartSec=15s
+Restart=on-failure
+PrivateTmp=true
+NoNewPrivileges=yes
+ProtectHome=read-only
+ProtectSystem=full
+ProtectKernelTunables=true
+ReadWritePaths=/sys/module/falco
+RestrictRealtime=true
+RestrictAddressFamilies=~AF_PACKET
+StandardOutput=null

scripts/systemd/falco@.target

@@ -0,0 +1,7 @@
+[Unit]
+Description=Falco generic startup target [kmod,ebpf]
+Requires=multi-user.target falco-%i.service
+After=multi-user.target
+
+[Install]
+WantedBy=multi-user.target