Version: 2.8.1

⚙️ Systemd

Running Jibril as a systemd service is the recommended way to deploy Jibril in production when not using a containerized deployment. This method provides automatic startup, process supervision, and integration with system logging.

🚀 Quick Start

1️⃣ Download Jibril

Download Jibril:

sudo curl -L -o /usr/bin/jibril https://github.com/garnet-org/jibril-releases/releases/download/v2.8/loader

Make it executable:

sudo chmod +x /usr/bin/jibril

Check version:

jibril --version

2️⃣ Install Service

# Install service and configuration files
sudo jibril --systemd install

This command creates the following files:

File	Description
`/etc/systemd/system/jibril.service`	Systemd service unit file
`/etc/jibril/config.yaml`	Main configuration file
`/etc/jibril/netpolicy.yaml`	Network policy configuration
`/etc/jibril/recipes/*.yaml`	Detection recipes (optional)

3️⃣ Configure Jibril

Edit the configuration file to customize Jibril's behavior:

# Edit main configuration
sudo vi /etc/jibril/config.yaml

📖 See Configuration Guide for detailed configuration options.

⚠️ Important

The default configuration includes pre-configured plugins and detections. Always review and customize for your environment:

✅ Enable only the components you need
✅ Adjust resource limits and thresholds
✅ Configure appropriate output destinations
✅ Test thoroughly in a staging environment first

Failing to optimize the configuration may result in unnecessary resource usage or missed detections.

4️⃣ Enable and Start

# Enable service (auto-start on boot) and start immediately
sudo jibril --systemd enable-now

📊 Service Management

🔍 Check Status

# View service status
sudo systemctl status jibril

# Check if service is running
sudo systemctl is-active jibril

# Check if service is enabled
sudo systemctl is-enabled jibril

🔄 Control Service

# Start service
sudo systemctl start jibril

# Stop service
sudo systemctl stop jibril

# Restart service
sudo systemctl restart jibril

# Reload configuration
sudo systemctl reload jibril

⚙️ Enable/Disable

# Enable auto-start on boot
sudo systemctl enable jibril

# Disable auto-start
sudo systemctl disable jibril

# Enable and start now
sudo jibril --systemd enable-now

# Disable and stop now
sudo jibril --systemd disable-now

📝 Viewing Logs

Jibril logs to multiple locations when running as a systemd service:

📋 Systemd Journal

Location: journalctl

Jibril's stdout and stderr:

# View all logs
sudo journalctl -u jibril

# Follow logs in real-time
sudo journalctl -u jibril -f

# View last 100 lines
sudo journalctl -u jibril -n 100

# View logs since boot
sudo journalctl -u jibril -b

📄 Event Log File

Location: /var/log/jibril.out

Detection events in JSON format:

# View events with jq
sudo cat /var/log/jibril.out | jq

# Follow events in real-time
sudo tail -f /var/log/jibril.out | jq

🔧 Advanced Configuration

Systemd Service Unit

View or customize the service unit file:

# View service unit
sudo systemctl cat jibril

# Edit service unit (creates override)
sudo systemctl edit jibril

Service Customization

🔄 Restart Behavior

# In service override
[Service]
Restart=always
RestartSec=10s

📊 Resource Limits

# In service override
[Service]
MemoryLimit=2G
CPUQuota=50%

📝 Custom Log Location

# In service override
[Service]
StandardOutput=append:/var/log/jibril-custom.log
StandardError=append:/var/log/jibril-error.log

🔄 Upgrading

# Stop current instance (if running)
sudo systemctl stop jibril

# Uninstall the current systemd service
sudo jibril --systemd uninstall

# Remove the binary
sudo rm /usr/bin/jibril

# Remove the configuration files (optional)
sudo rm -rf /etc/jibril

# Reload systemd
sudo systemctl daemon-reload

# Download new version
sudo curl -L -o /usr/bin/jibril https://github.com/garnet-org/jibril-releases/releases/download/v2.8/loader

# Make executable
sudo chmod +x /usr/bin/jibril

# Verify new version
jibril --version

Systemd installation creates files under /etc/jibril/ directory. Newer versions might need to update those files. Make sure to backup the files before updating.

# Install the new systemd service
sudo jibril --systemd install

# Enable and start the new systemd service
sudo jibril --systemd enable-now

🗑️ Uninstalling

To completely remove Jibril from the system:

# Stop current instance (if running)
sudo systemctl stop jibril

# Uninstall the current systemd service
sudo jibril --systemd uninstall

# Remove the binary
sudo rm /usr/bin/jibril

# Remove the configuration files (optional)
sudo rm -rf /etc/jibril

# Reload systemd
sudo systemctl daemon-reload

🎓 Tips & Best Practices

✅ Best Practices

📝 Review and customize config before enabling
🔄 Use systemctl reload for config changes
📊 Monitor logs regularly with journalctl
🔒 Backup /etc/jibril/ before updates
🧪 Test config changes on non-prod first

⚠️ Common Issues

❌ Service fails to start → Check journalctl logs
❌ Permission denied → Verify root privileges
❌ Config not applied → Restart service fully
❌ High CPU usage → Review cadence settings
❌ No events logged → Check printer config

🚀 Next Steps

⚙️

Configuration

Customize Jibril's behavior

🎨

Customization

Create custom detections

🚀 Quick Start​

1️⃣ Download Jibril​

2️⃣ Install Service​

3️⃣ Configure Jibril​

4️⃣ Enable and Start​

📊 Service Management​

🔍 Check Status​

🔄 Control Service​

⚙️ Enable/Disable​

📝 Viewing Logs​

📋 Systemd Journal​

📄 Event Log File​

🔧 Advanced Configuration​

Systemd Service Unit​

Service Customization​

🔄 Restart Behavior​

📊 Resource Limits​

📝 Custom Log Location​

🔄 Upgrading​

🗑️ Uninstalling​

🎓 Tips & Best Practices​

✅ Best Practices​

⚠️ Common Issues​

🚀 Next Steps​