| 1 |
[Unit] |
| 2 |
Description=Anonymizing overlay network for TCP |
| 3 |
After=syslog.target network.target nss-lookup.target |
| 4 |
PartOf=tor-master.service |
| 5 |
ReloadPropagatedFrom=tor-master.service |
| 6 |
|
| 7 |
[Service] |
| 8 |
Type=notify |
| 9 |
NotifyAccess=all |
| 10 |
ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-config |
| 11 |
ExecStart=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc |
| 12 |
ExecReload=/bin/kill -HUP ${MAINPID} |
| 13 |
KillSignal=SIGINT |
| 14 |
TimeoutSec=30 |
| 15 |
Restart=on-failure |
| 16 |
RestartSec=1 |
| 17 |
WatchdogSec=1m |
| 18 |
LimitNOFILE=32768 |
| 19 |
|
| 20 |
# Hardening |
| 21 |
PrivateTmp=yes |
| 22 |
DeviceAllow=/dev/null rw |
| 23 |
DeviceAllow=/dev/urandom r |
| 24 |
ProtectHome=yes |
| 25 |
ProtectSystem=full |
| 26 |
ReadOnlyDirectories=/run |
| 27 |
ReadOnlyDirectories=/var |
| 28 |
ReadWriteDirectories=/run/tor |
| 29 |
ReadWriteDirectories=/var/lib/tor |
| 30 |
ReadWriteDirectories=/var/log/tor |
| 31 |
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE |
| 32 |
PermissionsStartOnly=yes |
| 33 |
|
| 34 |
[Install] |
| 35 |
WantedBy = multi-user.target |
Parent Directory
| 
Revision Log