Editing: imunify-antivirus.service
Path:
/lib/systemd/system/imunify-antivirus.service
[Unit]
Description=ImunifyAV
After=network.target
Requires=imunify-antivirus.socket imunify-antivirus-user.socket imunify-antivirus-sensor.socket
Wants=imunify-notifier.socket
# Service will NOT start if this file exists
ConditionPathExists=!/var/lib/rpm-state/imunify360-transaction-in-progress

[Service]
Environment=PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=cpp
Environment=LANG=en_US.UTF-8
Environment=LC_ALL=en_US.UTF-8
Environment=PYTHONNOUSERSITE=1
Environment=SQLITE_TMPDIR=/var/imunify360/tmp
Type=simple
ExecStart=/usr/bin/imunify-service
ExecStartPost=/bin/bash -c "echo $MAINPID > /var/run/imunify-antivirus.pid"
PIDFile=/var/run/imunify-antivirus.pid
#TODO: must be not less than defence360agent/cli/server.py:stop(seconds=8)
TimeoutStopSec=90
RestartSec=5
StartLimitInterval=600s
StartLimitBurst=5
# Orphans child processes instead of killing them when the main process is shut down.
KillMode=process
NoNewPrivileges=true
CapabilityBoundingSet=CAP_BPF CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_PERFMON CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYS_RESOURCE
AmbientCapabilities=CAP_BPF CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_PERFMON CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYS_RESOURCE
ProtectSystem=true
# AV runs the same Python package but only the AV-relevant subsystems;
# /etc/init is the upstart override dir for legacy distros (pure-ftpd).
# /etc/imunify360 is needed for user_config writes triggered by the
# shared 'config update --user' RPC and migrations under
# defence360agent/migrations/ (e.g. 153_migrate_config_default_action).
ReadWritePaths=/etc/sysconfig/imunify360
ReadWritePaths=/etc/imunify360
ReadWritePaths=/etc/imunify-agent-proxy
ReadWritePaths=/etc/cron.d
ReadWritePaths=-/etc/init
# iMAV runs the same proactive code path on solo cPanel and writes
# the malware-list tempfiles in the Plesk modsec dir.
ReadWritePaths=-/usr/share/i360-php-opts
ReadWritePaths=-/etc/httpd/conf/modsecurity.d
# iMAV solo-cPanel hits the same cPanel hook installer; cagefs lines
# are harmless and future-proof on AV configs that don't use cagefs.
ReadWritePaths=-/usr/local/cpanel
ReadWritePaths=-/etc/cagefs
ReadWritePaths=-/var/cagefs
ReadWritePaths=-/usr/share/cagefs
# Plesk plugin scripts dir: the agent installs/updates the
# imunify360 Plesk extension's PHP scripts here.
ReadWritePaths=-/usr/local/psa/admin/plib/modules/imunify360
# Plesk runtime state — notification log written by send-notifications.php
# (/usr/local/psa/var/modules/imunify360/imunify360-local.log) and the
# plesk-sendmail spool/tempfile dir. ProtectSystem=true bind-mounts /usr
# read-only and CAP_DAC_OVERRIDE cannot bypass a mount-layer RO, so the
# Plesk notification hook fails with EACCES without this entry.
ReadWritePaths=-/usr/local/psa/var
# PrivateTmp= deliberately not set — see imunify360.service for the
# rationale (shared /tmp is required for the Sample backup backend
# fixture and for inotify-watching user-writable /tmp on hosts).

[Install]
WantedBy=multi-user.target
# Alias does not work in ubuntu. Used [Socket]Service= in imunify-antivirus-user.socket instead
#Alias=imunify-antivirus-user.service