52c9f2f6f4
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
- Add Reopenable interface in api/types.go for log rotation support - Add FileWriter.Reopen() method to reopen log files after rotation - Add MultiWriter.Reopen() method to propagate rotation to all writers - Update main.go to handle SIGHUP signal for systemctl reload - Add logrotate configuration file (packaging/logrotate/ja4sentinel) - Update systemd service with ExecReload for graceful rotation - Update architecture.yml with logrotate documentation - Update RPM spec and Dockerfile.package to include logrotate files - Bump version to 1.1.0 Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
43 lines
1011 B
Desktop File
43 lines
1011 B
Desktop File
[Unit]
|
|
Description=JA4 client fingerprinting daemon
|
|
Documentation=https://github.com/your-repo/ja4sentinel
|
|
After=network.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=notify
|
|
User=root
|
|
Group=root
|
|
WorkingDirectory=/var/lib/ja4sentinel
|
|
ExecStart=/usr/bin/ja4sentinel --config /etc/ja4sentinel/config.yml
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
Restart=on-failure
|
|
RestartSec=5
|
|
WatchdogSec=30
|
|
TimeoutStopSec=2
|
|
NotifyAccess=main
|
|
Environment=JA4SENTINEL_LOG_LEVEL=info
|
|
|
|
# Security hardening (compatible with root for packet capture)
|
|
ProtectSystem=strict
|
|
ProtectHome=yes
|
|
PrivateTmp=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelModules=yes
|
|
ProtectControlGroups=yes
|
|
RestrictRealtime=yes
|
|
RestrictSUIDSGID=yes
|
|
LockPersonality=yes
|
|
ReadWritePaths=/var/lib/ja4sentinel /var/log/ja4sentinel
|
|
|
|
# Capabilities for packet capture (inherited by root)
|
|
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
|
|
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
|
|
|
|
# Resource limits
|
|
LimitNOFILE=65536
|
|
LimitNPROC=64
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|