code_public/ja4sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d22b0634dad6818199a3cd90197c8c9ee64cb43b
ja4sentinel/packaging/systemd/ja4sentinel.service
toto bd45344d19 v1.1.11: Fix exclude_source_ips config loading and debug logging 
Major fixes:
- Add exclude_source_ips to mergeConfigs() - config file values now properly loaded
- Add validation for exclude_source_ips (IP/CIDR format validation)
- Remove JA4SENTINEL_LOG_LEVEL env var from systemd service
- Config file log_level now respected without env override

Debug logging improvements:
- Log IP filter entries at startup (debug mode)
- Track filtered packet count with atomic counter
- Display filter statistics at shutdown via GetFilterStats()
- New debug logs in tlsparse component

Testing:
- Add 6 new unit tests for exclude_source_ips and log_level config loading
- Test mergeConfigs() behavior with empty/override values
- Test validation of invalid IPs and CIDR ranges

Documentation:
- Update architecture.yml with ipfilter module
- Document config loading priority and notes
- Update api.Config fields (LocalIPs, ExcludeSourceIPs, LogLevel)

Files changed:
- internal/config/loader.go (merge, validation, helpers)
- internal/config/loader_test.go (6 new tests)
- internal/tlsparse/parser.go (GetFilterStats, counter)
- cmd/ja4sentinel/main.go (debug logging)
- packaging/systemd/ja4sentinel.service (remove env var)
- architecture.yml (ipfilter module, config_loading section)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-04 15:55:00 +01:00

42 lines
972 B
Desktop File
Raw Blame History

[Unit]
Description=JA4 client fingerprinting daemon
Documentation=https://github.com/your-repo/ja4sentinel
After=network.target
Wants=network-online.target
[Service]
Type=notify
User=root
Group=root
WorkingDirectory=/var/lib/ja4sentinel
ExecStart=/usr/bin/ja4sentinel --config /etc/ja4sentinel/config.yml
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5
WatchdogSec=30
TimeoutStopSec=2
NotifyAccess=main
# Security hardening (compatible with root for packet capture)
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
ReadWritePaths=/var/lib/ja4sentinel /var/log/ja4sentinel
# Capabilities for packet capture (inherited by root)
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
# Resource limits
LimitNOFILE=65536
LimitNPROC=64
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink