Update service units

* Use Type=simple and add --foreground
* Better resources limits
* Better system protection for proxy and server

zabbix-agent.service

@@ -3,9 +3,8 @@ Description=Zabbix Monitoring Agent
 After=syslog.target network.target
 
 [Service]
-Type=forking
+Type=simple
-ExecStart=/usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
+ExecStart=/usr/sbin/zabbix_agentd --config /etc/zabbix/zabbix_agentd.conf --foreground
-PIDFile=/var/run/zabbix/zabbix_agentd.pid
 Restart=always
 User=zabbix
 Group=zabbix

zabbix-proxy.service

@@ -3,16 +3,18 @@ Description=Zabbix Proxy
 After=syslog.target network.target
 
 [Service]
-Type=forking
+Type=simple
-ExecStart=/usr/sbin/zabbix_proxy -c /etc/zabbix/zabbix_proxy.conf
+ExecStart=/usr/sbin/zabbix_proxy --cconfig /etc/zabbix/zabbix_proxy.conf --foreground
 ExecReload=/usr/sbin/zabbix_proxy -R config_cache_reload
-PIDFile=/var/run/zabbix/zabbix_proxy.pid
-PrivateTmp=yes
 CPUShares=512
-MemoryLimit=50M
+MemoryLimit=500M
 BlockIOWeight=500
-InaccessibleDirectories=/home
+PrivateTmp=yes
-ReadOnlyDirectories=/etc /usr
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+Restart=always
 
 [Install]
 WantedBy=multi-user.target

zabbix-server.service

@@ -3,15 +3,16 @@ Description=Zabbix Server
 After=syslog.target network.target
 
 [Service]
-Type=forking
+Type=simple
-ExecStart=/usr/sbin/zabbix_server -c /etc/zabbix/zabbix_server.conf
+ExecStart=/usr/sbin/zabbix_server --config /etc/zabbix/zabbix_server.conf --foreground
 ExecReload=/usr/sbin/zabbix_server -R config_cache_reload
-PIDFile=/var/run/zabbix/zabbix_server.pid
+MemoryLimit=2048M
-PrivateTmp=yes
-MemoryLimit=500M
 BlockIOWeight=500
-InaccessibleDirectories=/home
+PrivateTmp=yes
-ReadOnlyDirectories=/etc /usr
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
 
 [Install]
 WantedBy=multi-user.target