SysCapture Systemd Service Guide

Overview

This guide explains how to run SysCapture as a systemd service on Linux systems, providing automatic startup and service management.

Service Configuration

Create a systemd service file:

# filepath: /etc/systemd/system/syscapture.service
[Unit]
Description=SysCapture System Monitoring Service
After=network.target

[Service]
Type=simple
User=syscapture
Group=syscapture
ExecStart=/usr/local/bin/syscapture
WorkingDirectory=/etc/syscapture
Environment="CONFIG_FILE=/etc/syscapture/config.yml"
Environment="LOG_LEVEL=info"

# Restart configuration
Restart=always
RestartSec=10

# Security settings
NoNewPrivileges=yes
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target

Installation Steps

  1. Create system user and group:
     sudo useradd -r -s /bin/false syscapture
  2. Create required directories:
     sudo mkdir -p /etc/syscapture
     sudo mkdir -p /var/log/syscapture
  3. Copy binary and configuration:
     sudo cp syscapture /usr/local/bin/
     sudo cp config.yml /etc/syscapture/
  4. Set permissions:
     sudo chown -R syscapture:syscapture /etc/syscapture
     sudo chown -R syscapture:syscapture /var/log/syscapture
     sudo chmod 755 /usr/local/bin/syscapture

Service Management

Enable and Start Service

sudo systemctl enable syscapture
sudo systemctl start syscapture

Check Service Status

sudo systemctl status syscapture

View Logs

sudo journalctl -u syscapture -f

Stop Service

sudo systemctl stop syscapture

Configuration Example

Create configuration file:

# filepath: /etc/syscapture/config.yml
server:
  port: "42000"
  environment: "production"

security:
  auth:
    enabled: true
    secret: "${AUTH_SECRET}"

logging:
  level: "info"
  format: "json"
  output: "/var/log/syscapture/syscapture.log"

notifications:
  enabled: true
  # ...notification settings...

Environment Variables

Create environment file:

# filepath: /etc/syscapture/syscapture.env
AUTH_SECRET=your-secret-here
DISCORD_WEBHOOK=your-webhook-url

Update service to use environment file:

# filepath: /etc/systemd/system/syscapture.service
[Service]
# ...existing configuration...
EnvironmentFile=/etc/syscapture/syscapture.env

Security Considerations

  1. File Permissions:
     sudo chmod 600 /etc/syscapture/config.yml
     sudo chmod 600 /etc/syscapture/syscapture.env
  2. SELinux Context (if applicable):
     sudo semanage fcontext -a -t bin_t "/usr/local/bin/syscapture"
     sudo restorecon -v /usr/local/bin/syscapture
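
One way to verify that a deployment still matches the unit's "Security settings" and the 600 file modes above, as an added example that is not part of SysCapture or this guide's original text. The function names are this example's own, `stat -c` assumes GNU coreutils, and only the single unit file is parsed (drop-ins under syscapture.service.d/ are not).

```shell
#!/bin/sh
# Added example (not SysCapture code): audit a deployment against this guide.
# Function names are hypothetical; stat -c assumes GNU coreutils.

# Report [Service] hardening directives from the guide that are absent or set
# weaker than the guide's value. Exit status is non-zero when anything is found.
check_unit_hardening() {
    awk '
        BEGIN {
            want["NoNewPrivileges"] = "^(yes|true|on|1)$"
            want["ProtectSystem"]   = "^(full|strict)$"      # plain "yes" is weaker
            want["ProtectHome"]     = "^(yes|true|on|1|tmpfs)$"
            want["PrivateTmp"]      = "^(yes|true|on|1)$"
        }
        /^[ \t]*[#;]/ { next }                               # commented-out lines
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        in_service && index($0, "=") {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in want) seen[key] = val                 # last assignment wins
        }
        END {
            for (k in want)
                if (!(k in seen) || seen[k] !~ want[k]) {
                    print "missing or weaker than guide: " k
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Succeed only if the permission bits are exactly 600, the mode the guide sets
# on config.yml and syscapture.env.
check_secret_mode() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "600" ]
}

# Run every check: first argument is the unit file, the rest are secret files.
audit_syscapture() {
    rc=0
    check_unit_hardening "$1" || rc=1
    shift
    for f in "$@"; do
        check_secret_mode "$f" || { echo "mode is not 600: $f"; rc=1; }
    done
    return "$rc"
}
```

Call it as `audit_syscapture /etc/systemd/system/syscapture.service /etc/syscapture/config.yml /etc/syscapture/syscapture.env`; a zero exit status means all four directives and both file modes match the guide.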

Troubleshooting

Check Service Errors

sudo systemctl status syscapture
sudo journalctl -u syscapture -n 50 --no-pager

Test Configuration

sudo -u syscapture /usr/local/bin/syscapture --config /etc/syscapture/config.yml --test

Common Issues

  1. Permission Denied:
     sudo chown -R syscapture:syscapture /etc/syscapture
     sudo chmod 755 /usr/local/bin/syscapture
  2. Service Won't Start:
     sudo journalctl -u syscapture -f
     sudo systemctl restart syscapture
  3. Configuration Errors:
     sudo -u syscapture /usr/local/bin/syscapture --validate-config