1 |
dmorgan |
196574 |
[Unit] |
2 |
colin |
232395 |
Description=Anonymizing overlay network for TCP |
3 |
|
|
After=syslog.target network.target nss-lookup.target |
4 |
wally |
913975 |
PartOf=tor-master.service |
5 |
|
|
ReloadPropagatedFrom=tor-master.service |
6 |
dmorgan |
196574 |
|
7 |
|
|
[Service] |
8 |
wally |
913975 |
Type=notify |
9 |
|
|
NotifyAccess=all |
10 |
|
|
ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-config |
11 |
|
|
ExecStart=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc |
12 |
|
|
ExecReload=/bin/kill -HUP ${MAINPID} |
13 |
|
|
KillSignal=SIGINT |
14 |
colin |
232395 |
TimeoutSec=30 |
15 |
|
|
Restart=on-failure |
16 |
wally |
913975 |
RestartSec=1 |
17 |
|
|
WatchdogSec=1m |
18 |
|
|
LimitNOFILE=32768 |
19 |
dmorgan |
196574 |
|
20 |
wally |
913975 |
# Hardening |
21 |
|
|
PrivateTmp=yes |
22 |
|
|
DeviceAllow=/dev/null rw |
23 |
|
|
DeviceAllow=/dev/urandom r |
24 |
|
|
ProtectHome=yes |
25 |
|
|
ProtectSystem=full |
26 |
|
|
ReadOnlyDirectories=/run |
27 |
|
|
ReadOnlyDirectories=/var |
28 |
|
|
ReadWriteDirectories=/run/tor |
29 |
|
|
ReadWriteDirectories=/var/lib/tor |
30 |
|
|
ReadWriteDirectories=/var/log/tor |
31 |
|
|
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE |
32 |
|
|
PermissionsStartOnly=yes |
33 |
|
|
|
34 |
dmorgan |
196574 |
[Install] |
35 |
wally |
913975 |
WantedBy = multi-user.target |