Jeff Mahoney
0c4d6def1a
- Added workaround for missing Maintainers tag in Debian-based packages.
obs-service-format_spec_file strips the Packager tag from the spec file
before committing. The build service replaces it with its own. debbuild
expects the Packager field to be present to generate the Maintainers tag
in the output but it only receives the "cleaned" spec file.
- Added Recommends: auditd
- Technically not *required* but Velociraptor's audit client enables
audit and then listens on the multicast socket. Without a listener
on the unicast socket, the kernel will spam the system log with events.
- Fixed debian packaging:
* /etc/sysconfig -> /etc/default
* %postun for systemd service cleanup
* Note: obs-service-format_spec_file strips the Packager tag that
debbuild uses to generate the Maintainer tag
OBS-URL: https://build.opensuse.org/request/show/1134354
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=59
26 lines
600 B
Desktop File
26 lines
600 B
Desktop File
[Unit]
|
|
Description=Velociraptor Client Service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=root
|
|
Group=root
|
|
UMask=0027
|
|
MemoryHigh=4G
|
|
MemoryMax=8G
|
|
EnvironmentFile=-/etc/sysconfig/velociraptor-client
|
|
EnvironmentFile=-/etc/default/velociraptor-client
|
|
Environment=TMPDIR=/var/lib/velociraptor-client/tmp
|
|
ExecStart=/usr/bin/velociraptor-client client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS
|
|
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
MemoryDenyWriteExecute=true
|
|
Restart=on-failure
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|