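# linux-edr.service — systemd unit for the Linux Endpoint Detection and
# Response agent. Comments are full-line `#` only; systemd does not support
# trailing comments on directive lines.

[Unit]
Description=Linux Endpoint Detection and Response
After=network.target

[Service]
Type=simple
# Run as a dedicated unprivileged account; the capabilities the agent needs
# are granted explicitly further down rather than by running as root.
User=linux-edr
Group=linux-edr
Environment="PYTHONUNBUFFERED=1"
# NOTE: this PATH is exported to the service process only. systemd resolves a
# relative ExecStart= binary against its own fixed search path (the standard
# bin/sbin directories), not against this value.
Environment="PATH=/opt/linux-edr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
WorkingDirectory=/opt/linux-edr
# Enable the tracefs syscall tracepoints the agent consumes (execve, fork,
# clone, connect — enter and exit). The `enable` files are typically
# root-owned, so these writes depend on the capabilities granted below.
# Deliberately no `-` prefix: a failure here aborts startup instead of
# silently running an agent with no telemetry.
# Nothing turns the events off again on stop; they stay enabled system-wide
# until written with 0 — consider matching ExecStopPost= lines if that matters.
# Kernels that expose tracefs only under /sys/kernel/debug/tracing need that
# path instead — TODO confirm for the target distribution.
ExecStartPre=/bin/sh -c 'echo 1 > /sys/kernel/tracing/events/syscalls/sys_enter_execve/enable'
ExecStartPre=/bin/sh -c 'echo 1 > /sys/kernel/tracing/events/syscalls/sys_exit_execve/enable'
ExecStartPre=/bin/sh -c 'echo 1 > /sys/kernel/tracing/events/syscalls/sys_enter_fork/enable'
ExecStartPre=/bin/sh -c 'echo 1 > /sys/kernel/tracing/events/syscalls/sys_exit_fork/enable'
ExecStartPre=/bin/sh -c 'echo 1 > /sys/kernel/tracing/events/syscalls/sys_enter_clone/enable'
ExecStartPre=/bin/sh -c 'echo 1 > /sys/kernel/tracing/events/syscalls/sys_exit_clone/enable'
ExecStartPre=/bin/sh -c 'echo 1 > /sys/kernel/tracing/events/syscalls/sys_enter_connect/enable'
ExecStartPre=/bin/sh -c 'echo 1 > /sys/kernel/tracing/events/syscalls/sys_exit_connect/enable'
# Relative binary: `uv` must live in one of systemd's standard directories
# (see the PATH note above). If it is only installed under /opt/linux-edr/bin,
# this must become an absolute path or the unit fails to start.
ExecStart=uv run python -m linux_edr.cli run
Restart=on-failure
# seconds
RestartSec=5
StandardOutput=journal
StandardError=journal

# Security hardening
# ProtectSystem=full mounts /usr, /boot and /etc read-only; the paths below
# are re-opened read-write. /opt/linux-edr is the agent's own install tree,
# so a compromised agent process could rewrite its own code and persist —
# narrow this to the directories uv actually needs to write (TODO confirm).
ProtectSystem=full
ReadWritePaths=/var/log/linux-edr /etc/linux_edr /opt/linux-edr
PrivateTmp=true
# Explicitly disabled: the process tree may still gain privileges through
# setuid binaries or file capabilities. Presumably something in the start
# path requires this — TODO confirm; set to true if nothing does.
NoNewPrivileges=false
# CAP_SYS_ADMIN is close to full root. systemd's own documentation notes that
# ReadWritePaths=/ProtectSystem= style restrictions can be undone by processes
# holding it and recommends combining them with
# CapabilityBoundingSet=~CAP_SYS_ADMIN, so the hardening above is largely
# advisory against a compromised agent while it stays in the set.
# CAP_DAC_OVERRIDE is presumably what lets the non-root user write the tracefs
# enable files above — TODO confirm which operation actually needs
# CAP_SYS_ADMIN and drop it if none does.
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SYS_ADMIN
AmbientCapabilities=CAP_DAC_OVERRIDE CAP_SYS_ADMIN

[Install]
WantedBy=multi-user.target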