diff options
| author | George Rawlinson | 2020-11-26 12:22:47 +1300 |
|---|---|---|
| committer | George Rawlinson | 2020-11-26 12:22:47 +1300 |
| commit | 8c2bd27002924e8cde436605ed9e203a975c7ac5 (patch) | |
| tree | b65c94a04bd04faf4bbc01d48fbe1c92a180d5aa | |
| parent | 63da275e3ffbb19089f9b9924d022a85e261147b (diff) | |
| download | aur-8c2bd27002924e8cde436605ed9e203a975c7ac5.tar.gz | |
upgpkg: prometheus-apcupsd-exporter 0.2.0-2
harden systemd service
| -rw-r--r-- | .SRCINFO | 4 | ||||
| -rw-r--r-- | PKGBUILD | 4 | ||||
| -rw-r--r-- | prometheus-apcupsd-exporter.service | 30 |
3 files changed, 33 insertions, 5 deletions
@@ -1,7 +1,7 @@ pkgbase = prometheus-apcupsd-exporter pkgdesc = Prometheus exporter for apcupsd metrics pkgver = 0.2.0 - pkgrel = 1 + pkgrel = 2 url = https://github.com/mdlayher/apcupsd_exporter arch = x86_64 license = MIT @@ -13,7 +13,7 @@ pkgbase = prometheus-apcupsd-exporter source = prometheus-apcupsd-exporter.sysusers b2sums = 1088e2ea94566b68ed021216d62d405e802ffd575c6ea26f9ebd6d2910091876d80a19e5ffdd58cb3c3cd0e74710c1831606bdc2040b3390e0a537c72e52c2a8 b2sums = 2159bae9adb5a5af4bdec96a593a1988ebb80c3716284fe9c7d765f8ca10992c5db877d395ced0a5bace3e075145ebc2a50f02eb0f11bda7ba145e0fa98c8e43 - b2sums = 11728a44727abb45ca975da8f23e7ecd847d37d6cbf8ef464e8ec26d1abd6b250499e12c9fed87b5b481f3af31e7df6b2d76781bf35dc612a7cf0b683fdc61b4 + b2sums = b5b50dc0b5d707c338268f9b0265deeffa4e1ec87cb12b8520248205e809c569e84dedd69dd4118a0fb97bff6d7c213275dce3bc911ddfc2243769ebf7bdaf0e b2sums = 1a9e982c7bed03f2f29e45d40374044860aa6e05f877a66ce8900c6a088eddd2f30dc8335be3690edb410ab780ef655d402a528214e0b676da684536f9ae6687 pkgname = prometheus-apcupsd-exporter @@ -3,7 +3,7 @@ pkgname=prometheus-apcupsd-exporter _pkgname=apcupsd_exporter pkgver=0.2.0 -pkgrel=1 +pkgrel=2 pkgdesc="Prometheus exporter for apcupsd metrics" arch=(x86_64) url="https://github.com/mdlayher/apcupsd_exporter" @@ -16,7 +16,7 @@ source=("$pkgname-$pkgver.tar.gz::$url/archive/v$pkgver.tar.gz" "$pkgname.sysusers") b2sums=('1088e2ea94566b68ed021216d62d405e802ffd575c6ea26f9ebd6d2910091876d80a19e5ffdd58cb3c3cd0e74710c1831606bdc2040b3390e0a537c72e52c2a8' '2159bae9adb5a5af4bdec96a593a1988ebb80c3716284fe9c7d765f8ca10992c5db877d395ced0a5bace3e075145ebc2a50f02eb0f11bda7ba145e0fa98c8e43' - '11728a44727abb45ca975da8f23e7ecd847d37d6cbf8ef464e8ec26d1abd6b250499e12c9fed87b5b481f3af31e7df6b2d76781bf35dc612a7cf0b683fdc61b4' + 'b5b50dc0b5d707c338268f9b0265deeffa4e1ec87cb12b8520248205e809c569e84dedd69dd4118a0fb97bff6d7c213275dce3bc911ddfc2243769ebf7bdaf0e' '1a9e982c7bed03f2f29e45d40374044860aa6e05f877a66ce8900c6a088eddd2f30dc8335be3690edb410ab780ef655d402a528214e0b676da684536f9ae6687') prepare() { diff --git a/prometheus-apcupsd-exporter.service b/prometheus-apcupsd-exporter.service index 307210718819..c067fdd48a30 100644 --- a/prometheus-apcupsd-exporter.service +++ b/prometheus-apcupsd-exporter.service @@ -10,8 +10,36 @@ ExecReload=/bin/kill -HUP $MAINPID User=apcupsd-exporter Group=apcupsd-exporter Restart=on-failure +RestartSec=5s + NoNewPrivileges=true -ProtectSystem=true +LimitNOFILE=1048576 +UMask=0077 + +ProtectSystem=strict +ProtectHome=true +PrivateUsers=yes +PrivateTmp=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=true +LockPersonality=true +MemoryDenyWriteExecute=true +RestrictRealtime=true +RestrictSUIDSGID=true +RemoveIPC=true +CapabilityBoundingSet= +AmbientCapabilities= + +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +SystemCallArchitectures=native [Install] WantedBy=multi-user.target |