feat: Universal Linux build + redesigned ostp-guard
- Build static musl binaries (work on any Linux distro) - Redesign ostp-guard with weighted scoring system (threshold: 4 points) - HIGH (2pts): Analysis tools (gdb/ida/ghidra), sandbox artifacts - MEDIUM (1pt): Low resources (<1GB RAM), suspicious env vars - Production VPS safe (1-2 points), sandbox blocked (4+ points) - Anti-debug: Windows (IsDebuggerPresent), Linux (/proc/self/status) - Deployment packages for Linux + Windows with SHA256 checksums
This commit is contained in:
23
dist/linux-amd64/oncp-master.service
vendored
Normal file
23
dist/linux-amd64/oncp-master.service
vendored
Normal file
@@ -0,0 +1,23 @@
|
||||
[Unit]
|
||||
Description=ONCP Master Node - CDN Control Plane
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=oncp
|
||||
Group=oncp
|
||||
WorkingDirectory=/var/lib/oncp
|
||||
ExecStart=/usr/local/bin/oncp-master serve --listen 0.0.0.0:8080 --database /var/lib/oncp/oncp.db --log-level info
|
||||
Restart=on-failure
|
||||
RestartSec=10s
|
||||
|
||||
# Security hardening
|
||||
NoNewPrivileges=true
|
||||
PrivateTmp=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
ReadWritePaths=/var/lib/oncp
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user