mirror of
https://github.com/falcosecurity/falco.git
synced 2025-09-09 02:29:36 +00:00
cleanup: rename plugin unit into custom unit
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
This commit is contained in:
Andrea Terzolo
poiana
28
scripts/systemd/falco-custom.service
Normal file
28
scripts/systemd/falco-custom.service
Normal file
@@ -0,0 +1,28 @@
|
||||
[Unit]
|
||||
Description=Falco: Container Native Runtime Security with custom configuration
|
||||
Documentation=https://falco.org/docs/
|
||||
Before=falcoctl-artifact-follow.service
|
||||
Wants=falcoctl-artifact-follow.service
|
||||
Conflicts=falco-kmod.service
|
||||
Conflicts=falco-bpf.service
|
||||
Conflicts=falco-modern-bpf.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=%u
|
||||
ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
|
||||
UMask=0077
|
||||
TimeoutSec=30
|
||||
RestartSec=15s
|
||||
Restart=on-failure
|
||||
PrivateTmp=true
|
||||
NoNewPrivileges=yes
|
||||
ProtectHome=read-only
|
||||
ProtectSystem=full
|
||||
ProtectKernelTunables=true
|
||||
RestrictRealtime=true
|
||||
RestrictAddressFamilies=~AF_PACKET
|
||||
StandardOutput=null
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user