diff options
Diffstat (limited to 'roles/common/files/etc/systemd')
| -rw-r--r-- | roles/common/files/etc/systemd/system/bacula-fd.service.d/override.conf (renamed from roles/common/files/etc/systemd/system/bacula-fd.service) | 12 | ||||
| -rw-r--r-- | roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf | 5 | ||||
| -rw-r--r-- | roles/common/files/etc/systemd/system/munin-node.service.d/override.conf | 1 |
3 files changed, 5 insertions, 13 deletions
diff --git a/roles/common/files/etc/systemd/system/bacula-fd.service b/roles/common/files/etc/systemd/system/bacula-fd.service.d/override.conf index 119b3a2..537bf1e 100644 --- a/roles/common/files/etc/systemd/system/bacula-fd.service +++ b/roles/common/files/etc/systemd/system/bacula-fd.service.d/override.conf @@ -1,18 +1,9 @@ -[Unit] -Description=Bacula File Daemon service -After=network.target - [Service] -Type=simple -StandardOutput=syslog -ExecStart=/usr/sbin/bacula-fd -f -c /etc/bacula/bacula-fd.conf - # Hardening NoNewPrivileges=yes ProtectHome=read-only ProtectSystem=strict ReadWriteDirectories=/var/lib/bacula -RuntimeDirectory=bacula PrivateTmp=yes PrivateDevices=yes ProtectControlGroups=yes @@ -20,6 +11,3 @@ ProtectKernelModules=yes ProtectKernelTunables=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 CapabilityBoundingSet=CAP_DAC_READ_SEARCH - -[Install] -WantedBy=multi-user.target diff --git a/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf b/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf index e3e651f..b34d130 100644 --- a/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf +++ b/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf @@ -2,13 +2,16 @@ After=nftables.service [Service] +ExecStartPre= +ExecStart= +ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start + # Need explicit rights to read logs as we don't grant CAP_DAC_READ_SEARCH SupplementaryGroups=adm # Hardening NoNewPrivileges=yes ProtectSystem=strict -ReadWriteDirectories=/var/log/fail2ban RuntimeDirectory=fail2ban PrivateDevices=yes ProtectControlGroups=yes diff --git a/roles/common/files/etc/systemd/system/munin-node.service.d/override.conf b/roles/common/files/etc/systemd/system/munin-node.service.d/override.conf index 53747f6..fee16b3 100644 --- a/roles/common/files/etc/systemd/system/munin-node.service.d/override.conf +++ b/roles/common/files/etc/systemd/system/munin-node.service.d/override.conf @@ -1,4 +1,5 @@ [Service] +ExecStartPre= # Hardening NoNewPrivileges=yes |