logrotate/logrotate.service

[Unit]
Description=Rotate log files
Documentation=man:logrotate(8) man:logrotate.conf(5)
RequiresMountsFor=/var/log
ConditionACPower=true

[Service]
Type=oneshot
ExecStartPre=/bin/sh -c "/usr/bin/systemctl set-environment etc_conf=" ; \
   /bin/sh -c "if [ -f /etc/logrotate.conf ]; then /usr/bin/systemctl set-environment etc_conf=/etc/logrotate.conf; fi" ; \
   /bin/sh -c "/usr/bin/systemctl set-environment usr_etc_conf=" ; \
   /bin/sh -c "if [ -f /usr/etc/logrotate.conf ]; then /usr/bin/systemctl set-environment usr_etc_conf=/usr/etc/logrotate.conf; fi" ; \
   /bin/sh -c "/usr/bin/systemctl set-environment usr_etc_dir=" ; \
   /bin/sh -c "if [ -d /usr/etc/logrotate.d ]; then /usr/bin/systemctl set-environment usr_etc_dir=/usr/etc/logrotate.d; fi" ; \
   /bin/sh -c "/usr/bin/systemctl set-environment etc_dir=" ; \
   /bin/sh -c "if [ -d /etc/logrotate.d ]; then /usr/bin/systemctl set-environment etc_dir=/etc/logrotate.d; fi"
ExecStart=/bin/sh -c "/usr/sbin/logrotate ${usr_etc_conf} ${etc_conf} ${etc_dir} ${usr_etc_dir}"

# performance options
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
Environment=HOME=/root

# hardening options
#  details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
#  no ProtectHome for userdir logs
#  no PrivateNetwork for mail deliviery
#  no NoNewPrivileges for third party rotate scripts
#  no RestrictSUIDSGID for creating setgid directories
LockPersonality=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
RestrictNamespaces=true
RestrictRealtime=true
Accepting request 957379 from home:schubi2 - Added own logrotate.service file in order to define a new order of parsed config files: /usr/etc/logrotate.conf Default configuration file defined by the vendor. /usr/etc/logrotate.d/* Directory for additional configuration files defined by the vendor. /etc/logrotate.conf Default configuration file defined by the administrator. (optional) /etc/logrotate.d/* Directory for additional configuration files defined by the administrator. (optional) - New logrotate.service includes logrotate-3.19.0-systemd_add_home_env patch. - Adapted man page: logrotate-3.19.0-man_logrotate.patch OBS-URL: https://build.opensuse.org/request/show/957379 OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=94 2022-03-03 10:13:28 +00:00			`[Unit]`
			`Description=Rotate log files`
			`Documentation=man:logrotate(8) man:logrotate.conf(5)`
			`RequiresMountsFor=/var/log`
			`ConditionACPower=true`

			`[Service]`
			`Type=oneshot`
			`ExecStartPre=/bin/sh -c "/usr/bin/systemctl set-environment etc_conf=" ; \`
			`/bin/sh -c "if [ -f /etc/logrotate.conf ]; then /usr/bin/systemctl set-environment etc_conf=/etc/logrotate.conf; fi" ; \`
Accepting request 1003701 from home:schubi2 - Ignoring vendor logs settings in /usr/etc/logrotate.d if they have already been defined by the the admin in the /etc/logrotate.d directory (bsc#1173319). OBS-URL: https://build.opensuse.org/request/show/1003701 OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=103 2022-09-15 17:05:18 +00:00			`/bin/sh -c "/usr/bin/systemctl set-environment usr_etc_conf=" ; \`
			`/bin/sh -c "if [ -f /usr/etc/logrotate.conf ]; then /usr/bin/systemctl set-environment usr_etc_conf=/usr/etc/logrotate.conf; fi" ; \`
			`/bin/sh -c "/usr/bin/systemctl set-environment usr_etc_dir=" ; \`
			`/bin/sh -c "if [ -d /usr/etc/logrotate.d ]; then /usr/bin/systemctl set-environment usr_etc_dir=/usr/etc/logrotate.d; fi" ; \`
Accepting request 957379 from home:schubi2 - Added own logrotate.service file in order to define a new order of parsed config files: /usr/etc/logrotate.conf Default configuration file defined by the vendor. /usr/etc/logrotate.d/* Directory for additional configuration files defined by the vendor. /etc/logrotate.conf Default configuration file defined by the administrator. (optional) /etc/logrotate.d/* Directory for additional configuration files defined by the administrator. (optional) - New logrotate.service includes logrotate-3.19.0-systemd_add_home_env patch. - Adapted man page: logrotate-3.19.0-man_logrotate.patch OBS-URL: https://build.opensuse.org/request/show/957379 OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=94 2022-03-03 10:13:28 +00:00			`/bin/sh -c "/usr/bin/systemctl set-environment etc_dir=" ; \`
			`/bin/sh -c "if [ -d /etc/logrotate.d ]; then /usr/bin/systemctl set-environment etc_dir=/etc/logrotate.d; fi"`
Accepting request 1003701 from home:schubi2 - Ignoring vendor logs settings in /usr/etc/logrotate.d if they have already been defined by the the admin in the /etc/logrotate.d directory (bsc#1173319). OBS-URL: https://build.opensuse.org/request/show/1003701 OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=103 2022-09-15 17:05:18 +00:00			`ExecStart=/bin/sh -c "/usr/sbin/logrotate ${usr_etc_conf} ${etc_conf} ${etc_dir} ${usr_etc_dir}"`
Accepting request 957379 from home:schubi2 - Added own logrotate.service file in order to define a new order of parsed config files: /usr/etc/logrotate.conf Default configuration file defined by the vendor. /usr/etc/logrotate.d/* Directory for additional configuration files defined by the vendor. /etc/logrotate.conf Default configuration file defined by the administrator. (optional) /etc/logrotate.d/* Directory for additional configuration files defined by the administrator. (optional) - New logrotate.service includes logrotate-3.19.0-systemd_add_home_env patch. - Adapted man page: logrotate-3.19.0-man_logrotate.patch OBS-URL: https://build.opensuse.org/request/show/957379 OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=94 2022-03-03 10:13:28 +00:00
			`# performance options`
			`Nice=19`
			`IOSchedulingClass=best-effort`
			`IOSchedulingPriority=7`
			`Environment=HOME=/root`

			`# hardening options`
			`# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html`
			`# no ProtectHome for userdir logs`
			`# no PrivateNetwork for mail deliviery`
			`# no NoNewPrivileges for third party rotate scripts`
			`# no RestrictSUIDSGID for creating setgid directories`
			`LockPersonality=true`
			`MemoryDenyWriteExecute=true`
			`PrivateDevices=true`
			`PrivateTmp=true`
			`ProtectClock=true`
			`ProtectControlGroups=true`
			`ProtectHostname=true`
			`ProtectKernelLogs=true`
			`ProtectKernelModules=true`
			`ProtectKernelTunables=true`
			`ProtectSystem=full`
			`RestrictNamespaces=true`
			`RestrictRealtime=true`