Jeff Mahoney
0c4d6def1a
- Added workaround for missing Maintainers tag in Debian-based packages. obs-service-format_spec_file strips the Packager tag from the spec file before committing. The build service replaces it with its own. debbuild expects the Packager field to be present to generate the Maintainers tag in the output but it only receives the "cleaned" spec file. - Added Recommends: auditd - Technically not *required* but Velociraptor's audit client enables audit and then listens on the multicast socket. Without a listener on the unicast socket, the kernel will spam the system log with events. - Fixed debian packaging: * /etc/sysconfig -> /etc/default * %postun for systemd service cleanup * Note: obs-service-format_spec_file strips the Packager tag that debbuild uses to generate the Maintainer tag OBS-URL: https://build.opensuse.org/request/show/1134354 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=59
25 lines
583 B
Desktop File
25 lines
583 B
Desktop File
[Unit]
|
|
Description=Velociraptor Server Service
|
|
|
|
[Service]
|
|
Type=simple
|
|
UMask=0027
|
|
User=velociraptor
|
|
Group=velociraptor
|
|
EnvironmentFile=-/etc/sysconfig/velociraptor
|
|
EnvironmentFile=-/etc/default/velociraptor
|
|
Environment=TMPDIR=/var/lib/velociraptor/tmp
|
|
ExecStart=/usr/bin/velociraptor frontend --verbose --config /etc/velociraptor/server.config $VELOCIRAPTOR_OPTS
|
|
|
|
PrivateTmp=true
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
MemoryDenyWriteExecute=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|