54 lines
1.3 KiB
Desktop File
54 lines
1.3 KiB
Desktop File
# This file is systemd template for monit service. To
|
|
# register monit with systemd, place the monit.service file
|
|
# to the /lib/systemd/system/ directory and then start it
|
|
# using systemctl (see bellow).
|
|
#
|
|
# Enable monit to start on boot:
|
|
# systemctl enable monit.service
|
|
#
|
|
# Start monit immediately:
|
|
# systemctl start monit.service
|
|
#
|
|
# Stop monit:
|
|
# systemctl stop monit.service
|
|
#
|
|
# Status:
|
|
# systemctl status monit.service
|
|
|
|
[Unit]
|
|
Description=Pro-active monitoring utility for unix systems
|
|
After=network-online.target
|
|
Documentation=man:monit(1) https://mmonit.com/wiki/Monit/HowTo
|
|
|
|
[Service]
|
|
Type=simple
|
|
KillMode=process
|
|
ExecStart=/usr/bin/monit -I
|
|
ExecStop=/usr/bin/monit quit
|
|
ExecReload=/usr/bin/monit reload
|
|
Restart=on-abnormal
|
|
StandardOutput=null
|
|
|
|
# hardening options
|
|
# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
|
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW CAP_SYS_PTRACE
|
|
LockPersonality=true
|
|
MemoryDenyWriteExecute=true
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
ProtectClock=true
|
|
ProtectControlGroups=true
|
|
ProtectHome=yes
|
|
ProtectHostname=true
|
|
ProtectKernelLogs=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectSystem=strict
|
|
ReadWritePaths=/run/ /var/lib/monit/ /var/log/
|
|
RestrictRealtime=true
|
|
RestrictSUIDSGID=true
|
|
SystemCallArchitectures=native
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|