burp-client: Switch from cron to systemd timer
systemd timer units are supported on all relevant OS versions now. There is no longer any reason to use cron.
This commit is contained in:
27
roles/burp-client/files/burp-backup.service
Normal file
27
roles/burp-client/files/burp-backup.service
Normal file
@@ -0,0 +1,27 @@
|
||||
# vim: set ft=systemd :
|
||||
[Unit]
|
||||
Description=BURP client
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=exec
|
||||
ExecStart=/usr/sbin/burp -a t -Q
|
||||
SuccessExitStatus=3
|
||||
CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH
|
||||
CapabilityBoundingSet=CAP_FOWNER CAP_LEASE CAP_SETGID CAP_SETUID
|
||||
NoNewPrivileges=yes
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProcSubset=pid
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHostname=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectProc=noaccess
|
||||
ProtectSystem=full
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service @privileged @mount
|
||||
SystemCallFilter=~@clock @debug @module @reboot @swap
|
||||
Reference in New Issue
Block a user