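# systemd unit for a tor instance. The table gutter numbers and trailing
# "|" cell separators from the rendered listing are dropped here so the
# text is a parseable unit file; the directives themselves are unchanged.
[Unit]
Description=Anonymizing overlay network for TCP
# Ordering only: After= delays start until these targets are reached but
# does not pull them in. network.target does not mean the network is
# configured (that is what network-online.target expresses).
After=syslog.target network.target nss-lookup.target
# Stop/restart of tor-master.service is propagated to this unit, and so
# is a reload. tor-master.service is defined elsewhere; presumably it is
# an umbrella unit for several tor instances (confirm).
PartOf=tor-master.service
ReloadPropagatedFrom=tor-master.service
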
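[Service]
# tor signals readiness (and watchdog keep-alives) to systemd itself.
Type=notify
# Notifications are accepted from every process in the service's cgroup.
# NOTE(review): NotifyAccess=main is the narrower setting when only the
# main tor process reports status; confirm before tightening.
NotifyAccess=all
# Validate the same configuration files first; a non-zero exit here fails
# the start before the daemon itself is launched.
ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-config
# --runasdaemon 0 keeps tor in the foreground so systemd tracks the
# process it started.
ExecStart=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc
# Reload = SIGHUP to the main process.
ExecReload=/bin/kill -HUP ${MAINPID}
# Stop = SIGINT instead of the default SIGTERM.
KillSignal=SIGINT
# TimeoutSec= sets both the start and the stop timeout.
# NOTE(review): a relay can linger after SIGINT for the ShutdownWaitLength
# set in torrc; confirm that fits inside this timeout, otherwise the stop
# ends in SIGKILL.
TimeoutSec=30
Restart=on-failure
RestartSec=1
# A missed keep-alive within this interval counts as a failure and so
# triggers Restart=on-failure.
WatchdogSec=1m
LimitNOFILE=32768

# Hardening
# NOTE(review): no User= is set in this unit, so presumably tor starts as
# root and switches user itself via torrc (hence CAP_SETUID/CAP_SETGID
# below) - confirm. NoNewPrivileges=yes is not set either; consider adding
# it after checking that tor and any helper it launches need no setuid
# binaries or file capabilities.
# Private /tmp and /var/tmp for the service.
PrivateTmp=yes
# Device allow-list: with entries present, device nodes not listed are
# not generally accessible to the service.
DeviceAllow=/dev/null rw
DeviceAllow=/dev/urandom r
# /home, /root and /run/user are made inaccessible.
ProtectHome=yes
# /usr, /boot and /etc are mounted read-only.
ProtectSystem=full
# /run and /var are read-only except for tor's own runtime, state and log
# directories. Newer systemd releases name these settings ReadOnlyPaths=
# and ReadWritePaths=; the older names used here are still accepted.
ReadOnlyDirectories=/run
ReadOnlyDirectories=/var
ReadWriteDirectories=/run/tor
ReadWriteDirectories=/var/lib/tor
ReadWriteDirectories=/var/log/tor
# Capabilities outside this set can never be acquired by the service:
# changing uid/gid and binding ports below 1024 are all that remain.
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
# Permission-related settings are applied to ExecStart= only.
# NOTE(review): that excludes the ExecStartPre= config check; which of the
# settings above still cover it depends on the systemd version - verify,
# since that step parses the same torrc with fewer restrictions.
PermissionsStartOnly=yes
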
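[Install]
# "systemctl enable" hooks the unit into multi-user.target. Written
# without spaces around "=" to match the rest of the file; systemd
# ignores that whitespace, so the meaning is unchanged.
WantedBy=multi-user.target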