ansible-prometheus-snmp-exp.../templates/service

32 lines
710 B
Plaintext
Raw Normal View History

2020-11-04 13:40:50 +01:00
[Unit]
Description=Prometheus snmp Exporter
After=network.target
[Service]
ExecStart=/usr/local/bin/prometheus-snmp-exporter --config.file="/etc/prometheus/snmp.yml"
ExecReload=/bin/kill -HUP $MAINPID
DynamicUser=true
NoNewPrivileges=true
# binary in /usr/local/bin - not /bin
#ProtectSystem=full
ProtectKernelModules=true
ProtectKernelTunables=true
PrivateTmp=true
LockPersonality=true
ProtectHostname=true
ProtectHome=true
ProtectControlGroups=true
ProtectKernelLogs=true
PrivateDevices=true
RestrictRealtime=true
CapabilityBoundingSet=
MemoryDenyWriteExecute=true
CapabilityBoundingSet=CAP_NET_RAW
AmbientCapabilities=CAP_NET_RAW
# extra: icmp fix
PrivateUsers=false
[Install]
WantedBy=multi-user.target